Low-Level OCB API Vulnerability in OpenSSL by OpenSSL
CVE-2025-69418
What is CVE-2025-69418?
A vulnerability exists in the low-level OCB API of OpenSSL, where inputs not aligned to 16-byte lengths may result in the final partial block being left unencrypted and unauthenticated. This issue can lead to exposure of the last 1-15 bytes of a message in clear text, making them susceptible to unauthorized reading or tampering without detection. The problem arises when functions like CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() are called directly with non-aligned lengths on hardware-accelerated builds. Fortunately, this vulnerability does not impact regular OpenSSL users utilizing higher-level EVP implementations, as they effectively handle both full and partial blocks in separate invocations. Additionally, several FIPS-approved modules remain unaffected, given that OCB mode is not part of the approved algorithms.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
OpenSSL 3.6.0 < 3.6.1
OpenSSL 3.5.0 < 3.5.5
OpenSSL 3.4.0 < 3.4.4
References
Timeline
Vulnerability published
Vulnerability Reserved