CVSS v3
7.5
HIGH
EPSS Score
0.0%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, cau
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, cau
Active exploitation of CVE-2025-69421 has not been confirmed. The EPSS score is 0.0%, indicating the estimated probability of exploitation in the next 30 days.
CVE-2025-69421 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.