Type Confusion Vulnerability in OpenSSL Affecting TimeStamp Responses
CVE-2025-69420

7.5HIGH

Key Information:

Vendor

OpenSSL
Status
OpenSSL
Vendor
CVE Published:
27 January 2026

What is CVE-2025-69420?

A type confusion vulnerability exists within OpenSSL's TimeStamp Response verification code, which can lead to Denial of Service. When an invalid type is accessed without preliminary validation, applications invoking TS_RESP_verify_response() with a malformed TimeStamp Response can experience a memory crash due to dereferencing invalid pointers. This flaw specifically affects OpenSSL versions 3.6, 3.5, 3.4, 3.3, and 3.0, as the handling of ASN1_TYPE unions allows for these problematic memory accesses, making the exploitation possible through deliberately crafted Timestamp Responses.

Affected Version(s)

OpenSSL 3.6.0 < 3.6.1

OpenSSL 3.5.0 < 3.5.5

OpenSSL 3.4.0 < 3.4.4

References

https://openssl-library.org/news/secadv/20260127.txt
vendor-advisory
https://github.com/openssl/openssl/commit/a99349ebfc51999...
patch
https://github.com/openssl/openssl/commit/564fd9c73787f25...
patch

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luigino Camastra (Aisle Research)
Bob Beck
.