Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
Currently, no mitigation is available for this vulnerability.
Wed, 17 Sep 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
References |
|
Wed, 17 Sep 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:enterprise_linux:10.0 | |
References |
|
Fri, 15 Aug 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gnu
Gnu gnutls Redhat openshift Container Platform |
|
CPEs | cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Gnu
Gnu gnutls Redhat openshift Container Platform |
Wed, 16 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Thu, 10 Jul 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 10 Jul 2025 12:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Thu, 10 Jul 2025 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | |
Title | Gnutls: vulnerability in gnutls sct extension parsing | |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
Weaknesses | CWE-295 | |
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-09-17T20:25:54.745Z
Reserved: 2025-04-15T01:31:12.104Z
Link: CVE-2025-32989

Updated: 2025-07-10T20:06:45.412Z

Status : Modified
Published: 2025-07-10T08:15:24.430
Modified: 2025-09-17T21:15:38.080
Link: CVE-2025-32989


No data.