Medium

OpenSSL openssl dgst silent truncation integrity bypass

IdentifiersCVE-2025-15469CWE-345

CVE-2025-15469 is a flaw in the OpenSSL command-line tool 'openssl dgst' affecting the one-shot signing/verification code path. When used with algorithms that only support one-shot operation, including Ed25519, Ed448, ML-DSA-44, ML-DSA-65, and ML-DSA-87, the tool buffers input with a 16 MB limit. If the input exceeds that limit, 'openssl dgst' silently truncates processing to the first 16 MB and still reports success instead of returning an error as documented. As a result, signatures generated or verified through this affected code path may cover only the first 16 MB of a file while trailing bytes remain outside the authenticated data. The issue affects OpenSSL 3.5 and 3.6, specifically the command-line tool behavior; streaming digest algorithms and library API users are not affected.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

The primary impact is an integrity/authenticity bypass in affected workflows. A user may believe that an entire file larger than 16 MB has been signed or verified, while in reality only the first 16 MB was processed. If both signing and verification are performed using the affected 'openssl dgst' one-shot path, trailing data beyond 16 MB can be modified without detection. Verifiers that process the full message via OpenSSL library APIs will reject such signatures, so the risk is concentrated in operational workflows that rely on the vulnerable command-line behavior on both sides. This does not directly provide code execution or privilege escalation, but it can enable undetected tampering of signed content.

Mitigation

If you can’t patch tonight, do this now.

Until patched, do not use 'openssl dgst' with one-shot signing algorithms on inputs larger than 16 MB. Prefer verification implementations that process the full message through library APIs, or use signing workflows/algorithms that support streaming and are not subject to the affected buffering behavior. Where operationally possible, enforce file-size limits below 16 MB for affected one-shot 'openssl dgst' use cases and independently validate signed artifacts with tooling known to process the complete input.

Remediation

Patch, then assume compromise.

Upgrade OpenSSL to a fixed release: 3.6.1 for the 3.6 branch or 3.5.5 for the 3.5 branch. OpenSSL 3.4, 3.3, 3.0, 1.1.1, and 1.0.2 are not affected. Apply vendor-supplied downstream updates where OpenSSL is bundled by an operating system or appliance. After upgrading, revalidate any workflows that use 'openssl dgst' with one-shot algorithms for large-file signing or verification.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

FreebsdFreebsdapplication

OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

23 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

23 SOURCESView more in app

help net securityNews

Mar 2, 2026

IPFire ships its 200th core update with a new domain blocklist and kernel upgrade - Help Net Security

An OpenSSL vulnerability patched by upgrading to OpenSSL 3.6.1 in IPFire Core Update 200.

f5News

Mar 2, 2026

Weekly Threat Bulletin - February 4th, 2026 | F5 Labs

Unknown (listed among related OpenSSL CVEs, but not described in the content).

cyber security newsNews

Jan 28, 2026

OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code

Low-severity OpenSSL issue where the 'dgst' tool truncates large inputs, potentially impacting integrity/verification workflows relying on correct hashing of very large data.

alpinelinuxNews

Jan 27, 2026

Alpine 3.20.9, 3.21.6, 3.22.3 and 3.23.3 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux stable releases 3.20.9, 3.21.6, 3.22.3, and 3.23.3.

+3 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity11

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-15469

NVD

nvd.nist.gov/vuln/detail/CVE-2025-15469

MITRE CWE · CWE-345

cwe.mitre.org

Patch

github.com/openssl/openssl/commit/310f305eb92ea8040d6b3cb75a5feeba8e6acf2f

Patch

github.com/openssl/openssl/commit/a7936fa4bd23c906e1955a16a0a0ab39a4953a61

Vendor Advisory

openssl-library.org/news/secadv/20260127.txt