CVE-2025-9231
Deferred Deferred - Pending Action

BaseFortify

Vulnerability report for CVE-2025-9231, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-09-30

Last updated on: 2026-06-02

Assigner: OpenSSL Software Foundation

Description

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-09-30
Last Modified
2026-06-02
Generated
2026-07-06
AI Q&A
2025-09-30
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
openssl openssl 3.5.4
openssl openssl 3.0.18
openssl openssl 3.2.6
openssl openssl 3.3.5
openssl openssl 1.1.1zd
openssl openssl 3.4.3
openssl openssl 1.0.2zm

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-385 Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a timing side-channel issue in the SM2 algorithm implementation on 64-bit ARM platforms. It arises because the modular inversion operation in SM2 cryptographic computations was not performed in constant time, allowing attackers to potentially measure timing differences and recover the private key remotely. The vulnerability specifically affects SM2 signature computations and could leak sensitive key information through timing analysis. [1, 2, 3, 4]

Impact Analysis

If you use SM2 cryptographic keys on 64-bit ARM platforms, an attacker could exploit timing differences during signature computations to recover your private key remotely. This would compromise the security of your cryptographic operations, potentially allowing unauthorized access or impersonation. However, since OpenSSL does not directly support SM2 keys in TLS by default, the risk is limited to environments where custom providers add such support. [1, 2, 3, 4]

Mitigation Strategies

To mitigate this vulnerability, update your OpenSSL implementation to a version that includes the fix for CVE-2025-9231. The fix involves implementing a constant-time modular inversion algorithm in the SM2 cryptographic operations, which prevents timing side-channel attacks. Applying the relevant patches or upgrading to a version of OpenSSL that contains these commits will address the issue. [1, 2, 3, 4]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9231. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart