HIGH

CVE-2025-69420

Missing ASN1_TYPE validation in TS_RESP_verify_response() function

CVSS v3

7.5

HIGH

EPSS Score

0.3%

exploit probability

CISA KEV

No

known exploited

Exploitation

none

SSVC status

Description

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions oss

Technical details

CVSS v3 Vector
3.1
Published
1/27/2026
Last Modified
2/2/2026

Frequently asked questions

What is CVE-2025-69420?

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions oss

Is CVE-2025-69420 actively exploited?

Active exploitation of CVE-2025-69420 has not been confirmed. The EPSS score is 0.3%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-69420?

CVE-2025-69420 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.

Is CVE-2025-69420 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.