Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

NULL Pointer Dereference in OpenSSL PKCS12_item_decrypt_d2i_ex()

IdentifiersCVE-2025-69421CWE-476· NULL Pointer Dereference

CVE-2025-69421 is a NULL pointer dereference in OpenSSL's PKCS#12 processing. When a malformed PKCS#12 file is processed, the PKCS12_item_decrypt_d2i_ex() function dereferences the oct parameter without first verifying that it is non-NULL. The vulnerable condition can be reached when PKCS12_item_decrypt_d2i_ex() is called from PKCS12_unpack_p7encdata() while handling malformed PKCS#12 content. Successful triggering causes the application using OpenSSL to crash. The issue is described as limited to denial of service and not leading to code execution or memory disclosure. Affected branches include OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1, and 1.0.2.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

An attacker can cause a denial of service by crashing an application that processes a crafted malformed PKCS#12 file. Based on the provided advisory content, the impact is limited to application termination/crash and is not believed to be exploitable for remote code execution, privilege escalation, or memory disclosure.

Mitigation

If you can’t patch tonight, do this now.

Until patched, reduce exposure by preventing or tightly restricting processing of untrusted PKCS#12 files. Where operationally possible, only accept PKCS#12 सामग्री from trusted sources, validate certificate/container inputs before import, and limit interfaces or workflows that allow users to upload or supply PKCS#12 files. In product-specific deployments, disable or restrict PKI client or certificate-upload functionality if not required.

Remediation

Patch, then assume compromise.

Upgrade to a fixed OpenSSL release for the affected branch. The provided content indicates fixes were released in OpenSSL 3.6.1, 3.5.5, 3.4.4, 3.3.6, 3.0.19, 1.1.1ze, and 1.0.2zn, with 1.1.1ze and 1.0.2zn noted as premium-support releases. Downstream products should be updated to vendor-remediated builds that incorporate these fixes.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
FreebsdFreebsdapplication
OpenSSL Software FoundationOpensslapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

30 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

30 SOURCESView more in app
help net securityNews
Mar 2, 2026
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade - Help Net Security

An OpenSSL vulnerability patched by upgrading to OpenSSL 3.6.1 in IPFire Core Update 200.

Read more
f5News
Mar 2, 2026
Weekly Threat Bulletin - February 4th, 2026 | F5 Labs

Unknown (listed among related OpenSSL CVEs, but not described in the content).

Read more
cyber security newsNews
Jan 28, 2026
OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code

Low-severity OpenSSL null pointer dereference in PKCS#12 decryption handling, typically resulting in denial of service when parsing crafted PKCS#12 inputs.

Read more
alpinelinuxNews
Jan 27, 2026
Alpine 3.20.9, 3.21.6, 3.22.3 and 3.23.3 released | Alpine Linux

An OpenSSL vulnerability addressed in Alpine Linux stable releases 3.20.9, 3.21.6, 3.22.3, and 3.23.3.

Read more
+6 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity15

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-69421
NVD
nvd.nist.gov/vuln/detail/CVE-2025-69421
MITRE CWE · CWE-476
NULL Pointer Dereference
Patch
github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b
Patch
github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7
Patch
github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd
Patch
github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3
Patch
github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c
Vendor Advisory
openssl-library.org/news/secadv/20260127.txt
cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-265688.html