Three vulnerabilities have been patched with the release of OpenSSL updates.
October 1, 2025 By Eduard Kovacs
The OpenSSL Project has announced the availability of several new versions of the open source SSL/TLS toolkit, which include patches for three vulnerabilities.
Versions 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.0.2zm and 1.1.1zd of the OpenSSL Library have been released. Most of them fix all three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231 and CVE-2025-9232.
Two of the vulnerabilities have been assigned a ‘moderate severity’ rating. One of them is CVE-2025-9231, which may allow an attacker to recover the private key.
OpenSSL is used by many applications, websites and services for securing communications and an attacker who can obtain a private key may be able to decrypt encrypted traffic or conduct a man-in-the-middle (MitM) attack.
