CVE-2025-9232

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-9232
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9232.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-9232
Downstream
Related
Published
2025-09-30T13:17:19.172Z
Modified
2026-06-18T19:53:43.428465Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Out-of-bounds read in HTTP client no_proxy handling
Details

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address.

Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application.

The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker.

In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity.

The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

Database specific 
{
    "cna_assigner": "openssl",
    "cwe_ids": [
        "CWE-125"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/9xxx/CVE-2025-9232.json"
}
References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Introduced
636dfadc70ce26f2473870570bfd9ec352806b1d
Introduced
98acb6b02839c609ef5b837794e08d906d965335
Introduced
42768eafab40d3e2f0851caa84aa9801139c74ab
Introduced
8ac4271233ecec5aa0468a5e7ae38dd642ebf365
Introduced
fa1e5dfb142bb1c26c3c38a10aafa7a095df52e5
Fixed
c1eeb9406b6142148f267594197d853403d10208
Fixed
474f0e27bc6b23bbc3ae18543ede9315adfddf1a
Fixed
f10934c46fef092d04788f01fd0a4eafe3ef715f
Fixed
86874e2ee18ccc14aa518bffa178ebada9c66c86
Fixed
c10e643222ce5a185f2980d7352d545afacb0fed
Fixed
2b4ec20e47959170422922eaff25346d362dcb35
Fixed
654dc11d23468a74fc8ea4672b702dd3feb7be4b
Fixed
7cf21a30513c9e43c4bc3836c237cf086e194af3
Fixed
89e790ac431125a4849992858490bed6b225eadf
Fixed
bbf38c034cdabd0a13330abcc4855c866f53d2e0
Database specific 
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.4"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.3"
        },
        {
            "introduced": "3.3.3"
        },
        {
            "fixed": "3.3.5"
        },
        {
            "introduced": "3.2.4"
        },
        {
            "fixed": "3.2.6"
        },
        {
            "introduced": "3.0.16"
        },
        {
            "fixed": "3.0.18"
        }
    ]
}

Affected versions

openssl-3.*
openssl-3.0.16
openssl-3.0.17
openssl-3.2.4
openssl-3.2.5
openssl-3.3.3
openssl-3.3.4
openssl-3.4.0
openssl-3.4.1
openssl-3.4.2
openssl-3.5.0
openssl-3.5.1
openssl-3.5.2
openssl-3.5.3

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
        "target": {
            "file": "crypto/http/http_lib.c"
        },
        "id": "CVE-2025-9232-5b447975",
        "digest": {
            "line_hashes": [
                "280817224452240206430093593508711998688",
                "191549696440367780559709063304346948740",
                "203099402604054992460750042534343877170",
                "208386829564166036621811124256000231791"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
        "target": {
            "file": "crypto/http/http_lib.c"
        },
        "id": "CVE-2025-9232-7d81e74d",
        "digest": {
            "line_hashes": [
                "280817224452240206430093593508711998688",
                "191549696440367780559709063304346948740",
                "203099402604054992460750042534343877170",
                "208386829564166036621811124256000231791"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
        "target": {
            "file": "crypto/http/http_lib.c",
            "function": "use_proxy"
        },
        "id": "CVE-2025-9232-7f78c982",
        "digest": {
            "function_hash": "292430765755867081677309465971519558590",
            "length": 778.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
        "target": {
            "file": "crypto/http/http_lib.c",
            "function": "use_proxy"
        },
        "id": "CVE-2025-9232-9430a645",
        "digest": {
            "function_hash": "292430765755867081677309465971519558590",
            "length": 778.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
        "target": {
            "file": "crypto/http/http_lib.c"
        },
        "id": "CVE-2025-9232-9c2be9ca",
        "digest": {
            "line_hashes": [
                "280817224452240206430093593508711998688",
                "191549696440367780559709063304346948740",
                "203099402604054992460750042534343877170",
                "208386829564166036621811124256000231791"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35",
        "target": {
            "file": "crypto/http/http_lib.c"
        },
        "id": "CVE-2025-9232-acc86cbe",
        "digest": {
            "line_hashes": [
                "280817224452240206430093593508711998688",
                "191549696440367780559709063304346948740",
                "203099402604054992460750042534343877170",
                "208386829564166036621811124256000231791"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3",
        "target": {
            "file": "crypto/http/http_lib.c"
        },
        "id": "CVE-2025-9232-c0b402f3",
        "digest": {
            "line_hashes": [
                "280817224452240206430093593508711998688",
                "191549696440367780559709063304346948740",
                "203099402604054992460750042534343877170",
                "208386829564166036621811124256000231791"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf",
        "target": {
            "file": "crypto/http/http_lib.c",
            "function": "use_proxy"
        },
        "id": "CVE-2025-9232-cb61dc5c",
        "digest": {
            "function_hash": "292430765755867081677309465971519558590",
            "length": 778.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0",
        "target": {
            "file": "crypto/http/http_lib.c",
            "function": "use_proxy"
        },
        "id": "CVE-2025-9232-ceff507a",
        "digest": {
            "function_hash": "292430765755867081677309465971519558590",
            "length": 778.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b",
        "target": {
            "file": "crypto/http/http_lib.c",
            "function": "use_proxy"
        },
        "id": "CVE-2025-9232-febf0b76",
        "digest": {
            "function_hash": "292430765755867081677309465971519558590",
            "length": 778.0
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-9232.json"
vanir_signatures_modified 
"2026-06-18T19:53:43Z"