CVE-2025-15467 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-15467 PUBLISHED CVSS 9.800000190734863 CRITICAL

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

EPSS 0.82% · 74.3th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.82%

74.3th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB AC500 V3 Firmware 3.9.0 installed on ABB AC500 V3 PM5xxx

Timeline

Jan 6, 2026 CVE ID Reserved
Jan 27, 2026 CVE Published
Jan 28, 2026 EPSS Score
Jan 30, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 3, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 12, 2026 EPSS Score
Feb 14, 2026 EPSS Score

References

Open in Interactive Console →