VDB

CVE-2025-15467

CVE-2025-15467 PUBLISHED CVSS 9.800000190734863 CRITICAL

When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.

EPSS 2.89% · 86.6th percentile

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
2.89%
86.6th percentile

Affected Products

VendorProductVersions
ABBABB AC500 V3 Firmware 3.9.0 installed on ABB AC500 V3 PM5xxx

Exploit Intelligence

…and 262 more exploits

Timeline

  • Jan 27, 2026 CVE Published
  • Jan 28, 2026 EPSS Score
  • Jan 30, 2026 EPSS Score
  • Feb 2, 2026 EPSS Score
  • Feb 4, 2026 EPSS Score
  • Feb 7, 2026 EPSS Score
  • Feb 9, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 17, 2026 EPSS Score
  • Feb 19, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›