CVE & CISA-KEV Catalog

CVE-2025-15468

MEDIUM
5.9
CVSS v3
NVD

Description

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

How to fix

Remediation Available
opensslDebian
Fixed in:3.5.4-1~deb13u2CVE-2025-15468
Fixed in:3.5.5-1CVE-2025-15468
opensslRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
opensslRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debuginfoRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debuginfoRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debugsourceRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debugsourceRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-develRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-develRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libsRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libsRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libs-debuginfoRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libs-debuginfoRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-perlRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-perlRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
registry.redhat.io/costmanagement/costmanagement-metricsRocky
Fixed in:rhel9-operator@sha256:5ae433507d81fd888260a30b4519daf148c42a71d469e9f63eed75f599733937_s390xRHSA-2026:3228
Fixed in:rhel9-operator@sha256:7424ae28625701b1441987b0457100505e273b2cbcb087bf0c046d7b2cc596c7_ppc64leRHSA-2026:3228
Fixed in:rhel9-operator@sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1_arm64RHSA-2026:3228
Fixed in:operator-bundle@sha256:5acccd71d43acf0b452b05a87ddaecffe7bfb4dd47bab24725b1d4ec88879441_amd64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:210abe5689a75606b17b1cea30eeef8fd7f0ab39a5d2af6af32e314ed80928c7_amd64RHSA-2026:3228
registry.redhat.io/costmanagement/costmanagement-metricsRed Hat / RHEL
Fixed in:rhel9-operator@sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1_arm64RHSA-2026:3228
Fixed in:operator-bundle@sha256:5acccd71d43acf0b452b05a87ddaecffe7bfb4dd47bab24725b1d4ec88879441_amd64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:210abe5689a75606b17b1cea30eeef8fd7f0ab39a5d2af6af32e314ed80928c7_amd64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:7424ae28625701b1441987b0457100505e273b2cbcb087bf0c046d7b2cc596c7_ppc64leRHSA-2026:3228
Fixed in:rhel9-operator@sha256:5ae433507d81fd888260a30b4519daf148c42a71d469e9f63eed75f599733937_s390xRHSA-2026:3228
registry.redhat.io/discovery/discoveryRed Hat / RHEL
Fixed in:server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64RHSA-2026:1736
Fixed in:server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64RHSA-2026:1736
registry.redhat.io/discovery/discoveryRocky
Fixed in:server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64RHSA-2026:1736
Fixed in:server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64RHSA-2026:1736
registry.redhat.io/insights-proxy/insights-proxyRed Hat / RHEL
Fixed in:container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64RHSA-2026:2485
Fixed in:container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64RHSA-2026:2485
registry.redhat.io/insights-proxy/insights-proxyRocky
Fixed in:container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64RHSA-2026:2485
Fixed in:container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64RHSA-2026:2485
registry.redhat.io/rhui5/cdsRed Hat / RHEL
Fixed in:rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
registry.redhat.io/rhui5/cdsRocky
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
Fixed in:rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64RHSA-2026:2563
registry.redhat.io/rhui5/haproxyRocky
Fixed in:rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/haproxyRed Hat / RHEL
Fixed in:rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/installerRocky
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
Fixed in:rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64RHSA-2026:2563
registry.redhat.io/rhui5/installerRed Hat / RHEL
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
Fixed in:rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64RHSA-2026:2563
registry.redhat.io/rhui5/rhuaRocky
Fixed in:rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
registry.redhat.io/rhui5/rhuaRed Hat / RHEL
Fixed in:rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
libssl3Ubuntu
Fixed in:3.0.2-0ubuntu1.21USN-7980-1
libssl3t64Ubuntu
Fixed in:3.0.13-0ubuntu3.7USN-7980-1
Fixed in:3.5.3-1ubuntu3USN-7980-1
opensslUbuntu
Fixed in:3.0.2-0ubuntu1.21USN-7980-1
Fixed in:3.0.13-0ubuntu3.7USN-7980-1
Fixed in:3.5.3-1ubuntu3USN-7980-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.75%probability of exploitation in 30 days
50thpercentile

Moderate risk: more likely to be exploited than 50% of all known CVEs.

References

Related Vulnerabilities

Other CWE-476 (NULL Pointer Dereference) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-21758High7.592%-Fix
CVE-2023-21547High7.588%-Fix
CVE-2014-3470Medium4.386%-Fix
CVE-2021-44224High8.282%-Fix
CVE-2016-0742High7.582%-Fix
CVE-2009-1386Medium5.080%-Fix
Embed a live status badge for CVE-2025-15468
CVE-2025-15468 severity badge

Markdown

[![CVE-2025-15468](https://tridentstack.com/cve/badge/CVE-2025-15468.svg)](https://tridentstack.com/cve/CVE-2025-15468)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-15468"><img src="https://tridentstack.com/cve/badge/CVE-2025-15468.svg" alt="CVE-2025-15468"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-02.