Medium

OpenSSL HTTP client no_proxy IPv6 out-of-bounds read

IdentifiersCVE-2025-9232CWE-125· Out-of-bounds Read

CVE-2025-9232 is an out-of-bounds read in OpenSSL's HTTP client API no_proxy handling. An application using the OpenSSL HTTP client API functions may trigger the flaw when the no_proxy environment variable is set and the host portion of the authority component of an HTTP URL is an IPv6 address. The vulnerable code is also reachable indirectly via OpenSSL's OCSP client functions and CMP client implementation, although the associated URLs in those paths are considered unlikely to be attacker-controlled. OpenSSL states the vulnerable code was introduced in patch releases 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0, and 3.5.0. The issue is assessed as low severity because exploitation requires attacker influence over the URL input and, in the vulnerable code path, the out-of-bounds read can only trigger a crash.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation causes an application crash, resulting in denial of service. Based on the provided vendor description, the out-of-bounds read does not provide code execution or data disclosure and is limited to crash/DoS impact in the vulnerable path.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure by preventing attacker-controlled URLs from reaching OpenSSL HTTP client API consumers, including any application logic that passes externally supplied HTTP URLs into OpenSSL HTTP, OCSP, or CMP client functionality. Where operationally feasible, unset or tightly control the no_proxy environment variable on affected processes. There is no general vendor workaround in the provided content.

Remediation

Patch, then assume compromise.

Upgrade OpenSSL to a fixed release. The provided content identifies patched versions as 3.5.4, 3.4.3, 3.3.5, 3.2.6, and 3.0.18 for the supported 3.x branches. Downstream vendors should also consume package updates that incorporate these fixes. Restart affected applications or services after updating so they load the corrected OpenSSL library.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

FreebsdFreebsdapplication

OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

37 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

37 SOURCESView more in app

cyber security newsNews

Mar 10, 2026

SAP Security Update - Patch for Multiple Vulnerabilities that Enable Remote Code Execution

Denial-of-service condition associated with an outdated OpenSSL version used by SAP NetWeaver AS Java Adobe Document Services component.

openssl libraryNews

Jan 27, 2026

OpenSSL 3.3 Series Release Notes | OpenSSL Library

An out-of-bounds read vulnerability in HTTP client no_proxy handling in OpenSSL.

openssl libraryNews

Jan 27, 2026

OpenSSL 3.4 Series Release Notes | OpenSSL Library

An out-of-bounds read in HTTP client no_proxy handling in OpenSSL.

openssl libraryNews

Jan 27, 2026

OpenSSL 3.5 Series Release Notes | OpenSSL Library

An out-of-bounds read in HTTP client no_proxy handling in OpenSSL, fixed in the 3.5.4 security patch release.

+7 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity21

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-9232

NVD

nvd.nist.gov/vuln/detail/CVE-2025-9232

MITRE CWE · CWE-125

Out-of-bounds Read

openwall.com

openwall.com/lists/oss-security/2025/09/30/5

cert-portal.siemens.com

cert-portal.siemens.com/productcert/html/ssa-032379.html

cert-portal.siemens.com

cert-portal.siemens.com/productcert/html/ssa-082556.html

cert-portal.siemens.com

cert-portal.siemens.com/productcert/html/ssa-089022.html

cert-portal.siemens.com

cert-portal.siemens.com/productcert/html/ssa-253495.html

cert-portal.siemens.com

cert-portal.siemens.com/productcert/html/ssa-485750.html

github.com

github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35

github.com

github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b

github.com

github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3

+3 more references

view more in app