CVE-2025-32989

5.3 MEDIUM
Published: July 10, 2025 Modified: December 01, 2025
View on NVD

Description

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://access.redhat.com/errata/RHSA-2025:16115
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:16116
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:17181
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:17348
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:17361
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:19088
Source: secalert@redhat.com
https://access.redhat.com/errata/RHSA-2025:22529
Source: secalert@redhat.com
https://access.redhat.com/security/cve/CVE-2025-32989
Source: secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359621
Source: secalert@redhat.com
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/07/11/3
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
0.1%
25th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-295

Affected Vendors

gnu redhat

Related CVEs

CVE-2026-21652 N/A
CVE-2026-21651 N/A
CVE-2026-21650 N/A
CVE-2026-21649 N/A
CVE-2026-21648 N/A