CVE & CISA-KEV Catalog

CVE-2025-66199

MEDIUM
5.9
CVSS v3
NVD

Description

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs. This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks. Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

How to fix

Remediation Available
opensslDebian
Fixed in:3.5.4-1~deb13u2CVE-2025-66199
Fixed in:3.5.5-1CVE-2025-66199
opensslRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
opensslRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debuginfoRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debuginfoRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debugsourceRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-debugsourceRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-develRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-develRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libsRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libsRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libs-debuginfoRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-libs-debuginfoRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-perlRed Hat / RHEL
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
openssl-perlRocky
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el10_1RHSA-2026:1472
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
Fixed in:1:3.5.1-7.el9_7RHSA-2026:1473
registry.redhat.io/costmanagement/costmanagement-metricsRed Hat / RHEL
Fixed in:operator-bundle@sha256:5acccd71d43acf0b452b05a87ddaecffe7bfb4dd47bab24725b1d4ec88879441_amd64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:5ae433507d81fd888260a30b4519daf148c42a71d469e9f63eed75f599733937_s390xRHSA-2026:3228
Fixed in:rhel9-operator@sha256:7424ae28625701b1441987b0457100505e273b2cbcb087bf0c046d7b2cc596c7_ppc64leRHSA-2026:3228
Fixed in:rhel9-operator@sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1_arm64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:210abe5689a75606b17b1cea30eeef8fd7f0ab39a5d2af6af32e314ed80928c7_amd64RHSA-2026:3228
registry.redhat.io/costmanagement/costmanagement-metricsRocky
Fixed in:rhel9-operator@sha256:5ae433507d81fd888260a30b4519daf148c42a71d469e9f63eed75f599733937_s390xRHSA-2026:3228
Fixed in:rhel9-operator@sha256:7424ae28625701b1441987b0457100505e273b2cbcb087bf0c046d7b2cc596c7_ppc64leRHSA-2026:3228
Fixed in:rhel9-operator@sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1_arm64RHSA-2026:3228
Fixed in:operator-bundle@sha256:5acccd71d43acf0b452b05a87ddaecffe7bfb4dd47bab24725b1d4ec88879441_amd64RHSA-2026:3228
Fixed in:rhel9-operator@sha256:210abe5689a75606b17b1cea30eeef8fd7f0ab39a5d2af6af32e314ed80928c7_amd64RHSA-2026:3228
registry.redhat.io/discovery/discoveryRed Hat / RHEL
Fixed in:ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64RHSA-2026:1736
Fixed in:server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64RHSA-2026:1736
Fixed in:server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64RHSA-2026:1736
registry.redhat.io/discovery/discoveryRocky
Fixed in:server-rhel9@sha256:d4d6cd6b1a84587ee851c4f76b47c1e6bf9f597f4a476c34e4a257cd1a860448_amd64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6_amd64RHSA-2026:1736
Fixed in:ui-rhel9@sha256:4ba29e3e7565cfdfdedcc558bc8495398cee07742fda133b0bc04fd657b908cd_arm64RHSA-2026:1736
Fixed in:server-rhel9@sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8_arm64RHSA-2026:1736
registry.redhat.io/insights-proxy/insights-proxyRed Hat / RHEL
Fixed in:container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64RHSA-2026:2485
Fixed in:container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64RHSA-2026:2485
registry.redhat.io/insights-proxy/insights-proxyRocky
Fixed in:container-rhel9@sha256:ab86ba36e62e8aec5ba48e9e0076b1f8086c48157c85990be0e2ce3e03273016_amd64RHSA-2026:2485
Fixed in:container-rhel9@sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc_arm64RHSA-2026:2485
registry.redhat.io/rhui5/cdsRed Hat / RHEL
Fixed in:rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
registry.redhat.io/rhui5/cdsRocky
Fixed in:rhel9@sha256:83e8b356eb4697a81ff8c6764dc976862800f4c78122a606173340a6e105a4fe_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524_amd64RHSA-2026:4943
registry.redhat.io/rhui5/haproxyRocky
Fixed in:rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/haproxyRed Hat / RHEL
Fixed in:rhel9@sha256:409a64405669fd11ad8700356243762a3507430f9bba4100bb92765d4482b7e5_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3_amd64RHSA-2026:4943
registry.redhat.io/rhui5/installerRed Hat / RHEL
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
Fixed in:rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64RHSA-2026:2563
registry.redhat.io/rhui5/installerRocky
Fixed in:rhel9@sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f_amd64RHSA-2026:4943
registry.redhat.io/rhui5/rhuaRocky
Fixed in:rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
registry.redhat.io/rhui5/rhuaRed Hat / RHEL
Fixed in:rhel9@sha256:df709663b581b740006c6ea4b297978932874eade1563c3952e0594e926aa5f8_amd64RHSA-2026:2563
Fixed in:rhel9@sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778_amd64RHSA-2026:4943
libssl3Ubuntu
Fixed in:3.0.2-0ubuntu1.21USN-7980-1
libssl3t64Ubuntu
Fixed in:3.0.13-0ubuntu3.7USN-7980-1
Fixed in:3.5.3-1ubuntu3USN-7980-1
opensslUbuntu
Fixed in:3.0.2-0ubuntu1.21USN-7980-1
Fixed in:3.0.13-0ubuntu3.7USN-7980-1
Fixed in:3.5.3-1ubuntu3USN-7980-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Intelligence

0.40%probability of exploitation in 30 days
32ndpercentile

Low risk: more likely to be exploited than 32% of all known CVEs.

References

Embed a live status badge for CVE-2025-66199
CVE-2025-66199 severity badge

Markdown

[![CVE-2025-66199](https://tridentstack.com/cve/badge/CVE-2025-66199.svg)](https://tridentstack.com/cve/CVE-2025-66199)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-66199"><img src="https://tridentstack.com/cve/badge/CVE-2025-66199.svg" alt="CVE-2025-66199"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-02-02.