1. Home
  2. Vulnerabilities
  3. CVE-2025-15468
0.0
NA
CVE-2025-15468
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Description

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

INFO

Published Date :

Jan. 27, 2026, 4:16 p.m.

Last Modified :

Jan. 27, 2026, 4:16 p.m.

Remotely Exploit :

No

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-15468 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Openssl openssl
: Total Affected Vendor : 1 | Products : 1
Solution
Update to a patched version of OpenSSL to fix the NULL dereference vulnerability.
  • Update OpenSSL to a version that addresses the NULL dereference.
  • Ensure application uses patched SSL_CIPHER_find() implementation.
  • Consider disabling QUIC protocol if patching is not immediate.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-15468.

URL Resource
https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65
https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2
https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4
https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7
https://openssl-library.org/news/secadv/20260127.txt
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-15468 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-15468 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-15468 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-15468 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 27, 2026

    Action Type Old Value New Value
    Added Description Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.
    Added CWE CWE-476
    Added Reference https://github.com/openssl/openssl/commit/1f08e54bad32843044fe8a675948d65e3b4ece65
    Added Reference https://github.com/openssl/openssl/commit/7c88376731c589ee5b36116c5a6e32d5ae5f7ae2
    Added Reference https://github.com/openssl/openssl/commit/b2539639400288a4580fe2d76247541b976bade4
    Added Reference https://github.com/openssl/openssl/commit/d75b309879631d45b972396ce4e5102559c64ac7
    Added Reference https://openssl-library.org/news/secadv/20260127.txt
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.