Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202601-00000029
[Content Description]
OpenSSL is an open-source encryption library primarily used for secure communication, SSL/TLS protocol implementation, and credential management. It supports various encryption algorithms and is widely used in servers and applications.
Recently, OpenSSL released a security update that patches a critical vulnerability (CVE-2025-15467, CVSS: 9.8). It is a stack buffer overflow that can cause abnormal program termination, resulting in denial of service (DoS), and may even allow remote code execution.
[Affected Platforms]
OpenSSL library versions 3.6.0 to 3.6.1 (excluding 3.6.1)
OpenSSL library versions 3.5.0 to 3.5.5 (excluding 3.5.5)
OpenSSL library versions 3.4.0 to 3.4.4 (excluding 3.4.4)
OpenSSL library versions 3.3.0 to 3.3.6 (excluding 3.3.6)
OpenSSL library versions 3.0.0 to 3.0.19 (excluding 3.0.19)
[Recommended Actions]
Please update to the following versions:
OpenSSL library version 3.6.1 or later
OpenSSL library version 3.5.5 or later
OpenSSL library version 3.4.4 or later
OpenSSL library version 3.3.6 or later
OpenSSL library version 3.0.19 or later
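A version check built from the affected and fixed version lists above, added here as an example and not part of the TWCERT/CC advisory or of OpenSSL's own tooling. The function names and the sample banners are constructed; branches the advisory does not name are reported as "unlisted" rather than guessed.

```python
import re
import ssl

# First fixed patch release per branch, from the advisory's [Recommended Actions].
FIXED = {(3, 6): 1, (3, 5): 5, (3, 4): 4, (3, 3): 6, (3, 0): 19}

# Require the literal name "OpenSSL" so forks with overlapping version
# numbers (for example a "LibreSSL 3.3.6" banner) are never misclassified.
VERSION_RE = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch) from an `openssl version` style banner."""
    match = VERSION_RE.search(banner)
    if not match:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Return 'affected', 'fixed' or 'unlisted' for CVE-2025-15467."""
    major, minor, patch = parse_version(banner)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch not named in the advisory (e.g. 1.1.1, 3.1, 3.2):
        # make no claim and refer to the upstream advisory instead.
        return "unlisted"
    return "affected" if patch < fixed_patch else "fixed"


if __name__ == "__main__":
    # Constructed sample banners in the format printed by `openssl version`.
    samples = [
        "OpenSSL 3.0.13 1 Jan 2026 (Library: OpenSSL 3.0.13 1 Jan 2026)",
        "OpenSSL 3.5.5 1 Jan 2026",
        "OpenSSL 3.2.1 1 Jan 2026",
    ]
    for banner in samples:
        print(f"{classify(banner):9} {banner}")
    # The OpenSSL build this Python interpreter is linked against.
    try:
        print(f"{classify(ssl.OPENSSL_VERSION):9} {ssl.OPENSSL_VERSION} (this interpreter)")
    except ValueError as err:
        print(f"skipped: {err}")
```

Distribution packages often backport fixes without changing the upstream version string, so confirm an "affected" result against the vendor's own advisory for the package.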
[References]
1. https://www.twcert.org.tw/tw/cp-169-10692-38c40-1.html