OpenSSL CMS Password-Based Encryption Memory Corruption (CVE-2025-9230)


Nov 20, 2025

Summary

Out-of-bounds read/write in OpenSSL’s CMS PWRI decryption may cause DoS or memory corruption.

Vulnerability ID: CVE-2025-9230

Vulnerability Overview: OpenSSL contains a flaw in the handling of CMS Password Recipient Info (PWRI) messages. Malformed encrypted CMS data may cause an out-of-bounds read or write during decryption, leading to application crashes or memory corruption.


Affected Supported TeraStations

TS7010
Vulnerability is patched from firmware version 2.00

TS5020 and TS3030
Vulnerability is patched from firmware version 3.08
 


Date Description
11/20/2025 Initial release
12/10/2025 Update for TS5020/3030