CVE-2025-14831 - Vulnerability Details

CVE-2025-14831 - Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation none

Automatable yes

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Enterprise Linux 10

affected

Version	Status	Constraints
`0:3.8.10-3.el10_1`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:3.6.16-8.el8_10.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`0:3.6.16-8.el8_10.5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:3.8.3-10.el9_7`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:3.8.3-10.el9_7`	unaffected	< *

Red Hat

Red Hat Ceph Storage 8

affected

Version	Status	Constraints
`sha256:a0f0f9770911d6a0fc522f304942765059643193e95c9f6e505462f98a979db1`	unaffected	< *

Red Hat

Red Hat Insights proxy 1.5

affected

Version	Status	Constraints
`sha256:86431fdb1ba7fa0cbc8e82cc5fe518b7c0946b8847991fc95604b1d1cfd45e06`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:2c50c87906a1abebf427a70f401c409f1258cb55d2096f517db870ec991cfd7f`	unaffected	< *

Red Hat

Red Hat Update Infrastructure 5

affected

Version	Status	Constraints
`sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 affected —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat OpenShift Container Platform 4 affected —

No data.

Vendor	Product	Confidence	Versions
Red Hat	Enterprise Linux	—	—
Redhat	Openshift Container Platform	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Subscriptions

Vendors	Products
Red Hat Subscribe	Enterprise Linux Subscribe
Redhat Subscribe	Ceph Storage Subscribe Enterprise Linux Subscribe Insights Proxy Subscribe Openshift Subscribe Openshift Container Platform Subscribe Rhui Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4492-1	gnutls28 security update
Debian DSA	DSA-6140-1	gnutls28 security update
Ubuntu USN	USN-8043-1	GnuTLS vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:3477
https://access.redhat.com/errata/RHSA-2026:4188
https://access.redhat.com/errata/RHSA-2026:4655
https://access.redhat.com/errata/RHSA-2026:4943
https://access.redhat.com/errata/RHSA-2026:5585
https://access.redhat.com/errata/RHSA-2026:5606
https://access.redhat.com/security/cve/CVE-2025-14831
https://bugzilla.redhat.com/show_bug.cgi?id=2423177
https://gitlab.com/gnutls/gnutls/-/issues/1773
https://nvd.nist.gov/vuln/detail/CVE-2025-14831
https://www.cve.org/CVERecord?id=CVE-2025-14831

History

Tue, 24 Mar 2026 11:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2026:5585

Tue, 24 Mar 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat ceph Storage
CPEs		cpe:/a:redhat:ceph_storage:8::el9
Vendors & Products		Redhat ceph Storage
References		https://access.redhat.com/errata/RHSA-2026:5606

Wed, 18 Mar 2026 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhui
CPEs		cpe:/a:redhat:rhui:5::el9
Vendors & Products		Redhat rhui
References		https://access.redhat.com/errata/RHSA-2026:4943

Mon, 16 Mar 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat insights Proxy
CPEs		cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products		Redhat insights Proxy
References		https://access.redhat.com/errata/RHSA-2026:4655

Thu, 12 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
References		https://gitlab.com/gnutls/gnutls/-/issues/1773

Wed, 11 Mar 2026 09:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2026:4188

Mon, 02 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.1
References		https://access.redhat.com/errata/RHSA-2026:3477

Tue, 10 Feb 2026 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Red Hat Red Hat enterprise Linux Redhat openshift Container Platform
Vendors & Products		Red Hat Red Hat enterprise Linux Redhat openshift Container Platform

Tue, 10 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-14831 https://www.cve.org/CVERecord?id=CVE-2025-14831
Metrics	threat_severity `None`	threat_severity `Moderate`

Mon, 09 Feb 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 09 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Title		Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-407
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-14831 https://bugzilla.redhat.com/show_bug.cgi?id=2423177
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-02-09T14:51:32.447Z

Updated: 2026-03-24T10:39:57.915Z

Reserved: 2025-12-17T14:44:59.859Z

Link: CVE-2025-14831

Vulnrichment

Updated: 2026-02-09T15:25:52.476Z

NVD

Status : Awaiting Analysis

Published: 2026-02-09T15:16:09.937

Modified: 2026-03-24T11:16:21.903

Link: CVE-2025-14831

Redhat

Severity : Moderate

Publid Date: 2026-02-09T14:26:34Z

Links: CVE-2025-14831 - Bugzilla

OpenCVE Enrichment

Updated: 2026-02-10T15:37:37Z

Weaknesses

CWE-407

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

Tracking

JSON object

JSON object

JSON object

JSON object

JSON object