OpenSSL Property Handling Flaw Allows Unintended Input Handling
CVE-2025-3416

3.7LOW

Key Information:

Vendor: Red Hat
Status: Red Hat Directory Server 11; Red Hat Directory Server 12; Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6
Vendor: CVE Published:; 8 April 2025

What is CVE-2025-3416?

A flaw exists in OpenSSL's processing of the properties argument in specific functions, which can be exploited through use-after-free techniques. This exploitation may lead to undefined behavior during execution, allowing OpenSSL to incorrectly parse properties and potentially treat the input as an empty string. Developers need to be aware of this issue to mitigate risks associated with improper input handling and ensure secure application performance.

References

https://access.redhat.com/security/cve/CVE-2025-3416

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2357560

issue-trackingx_refsource_REDHAT

https://github.com/sfackler/rust-openssl

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Apr 7, 2025

Red Hat

What is CVE-2025-3416?

References

CVSS V3.1

Timeline