OESA-2025-2502 edk2 security update

🗓️ 24 Oct 2025 14:33:05Reported by GoogleType

osv🔗 osv.dev👁 3 Views

EDK II security update fixes out-of-bounds read and write in CMS password-based decryption, potentially causing denial of service or code execution.

Reporter	Title	Published	Views	Family All 460
FreeBSD	OpenSSL -- multiple vulnerabilities	30 Sep 202500:00	–	freebsd
FreeBSD	LibreSSL -- overwrite and -read vulnerability	1 Oct 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Muliple security vulnerabilities found in IBM CICS TX Standard.	22 Apr 202614:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	17 Dec 202514:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	10 Dec 202516:39	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.	25 Feb 202617:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in openssl library (CVE-2025-9230) affects Power HMC.	31 Mar 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Appliance	16 Apr 202611:32	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms	5 Mar 202613:53	–	ibm
IBM Security Bulletins	Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	23 Mar 202616:22	–	ibm

Source	Link
openeuler	www.openeuler.org/zh/security/security-bulletins/detail/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-9230

24 Oct 2025 15:03Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.5

EPSS0.00041

SSVC