Description
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
Published: 2025-07-10
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A NULL pointer dereference occurs in the GnuTLS function _gnutls_figure_common_ciphersuite(), which is invoked during TLS cipher suite negotiation. This flaw can cause the library to dereference a null pointer, leading to an application crash or termination of the TLS process. The resulting denial‑of‑service may interrupt any services that rely on GnuTLS for encrypted communication. The weakness is classified under CWE‑476.

Affected Systems

The vulnerable releases include Red Hat Ceph Storage 7, Red Hat Discovery 2, various releases of Red Hat Enterprise Linux from versions 6 through 10, the Extended Update Support streams for RHEL 9.2 and 9.4, Red Hat Insights Proxy 1.5, and Red Hat OpenShift Container Platform 4. The errata RHSA‑2025:16115 to RHSA‑2025:22529 provide the fixed packages for each affected product.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, involving a TLS client that initiates a handshake and triggers the null‑pointer dereference. Exploitation would result in the TLS library crashing, leading to a denial‑of‑service of affected services.

Generated by OpenCVE AI on May 2, 2026 at 08:22 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

OpenCVE Recommended Actions

  • Update affected Red Hat packages to the fixed versions supplied in the RHSA errata RHSA‑2025:16115 through RHSA‑2025:22529.
  • If using a custom GnuTLS build, upgrade to the latest stable release that incorporates the patch.
  • Restart all services that depend on GnuTLS after the update to ensure the corrected library is loaded.

Generated by OpenCVE AI on May 2, 2026 at 08:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4267-1 gnutls28 security update
Debian DSA Debian DSA DSA-5962-1 gnutls28 security update
EUVD EUVD EUVD-2025-21000 A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().
Ubuntu USN Ubuntu USN USN-7635-1 GnuTLS vulnerabilities
Ubuntu USN Ubuntu USN USN-7742-1 GnuTLS vulnerabilities
History

Tue, 12 May 2026 13:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
References

Mon, 01 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat ceph Storage
CPEs cpe:/a:redhat:ceph_storage:7::el9
Vendors & Products Redhat ceph Storage
References

Thu, 06 Nov 2025 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat insights Proxy
CPEs cpe:/a:redhat:insights_proxy:1.5::el9
Vendors & Products Redhat insights Proxy
References

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 23 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat discovery
CPEs cpe:/a:redhat:discovery:2::el9
Vendors & Products Redhat discovery
References

Wed, 08 Oct 2025 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Tue, 07 Oct 2025 12:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Mon, 06 Oct 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/o:redhat:rhel_e4s:9.2::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 06 Oct 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products Redhat rhel Eus
References

Fri, 03 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhivos
CPEs cpe:/o:redhat:rhivos:1
Vendors & Products Redhat rhivos

Wed, 17 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:9 cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
References

Wed, 17 Sep 2025 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:10.0
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}

 epss

{'score': 0.00053}

Tue, 15 Jul 2025 07:00:00 +0000

Type Values Removed Values Added
Description A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system. A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}

Thu, 10 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 10 Jul 2025 15:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial of service (DoS) that could crash the system.
Title gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References

Thu, 10 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
Weaknesses CWE-476
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}

threat_severity

Moderate

Subscriptions

Redhat Ceph Storage Discovery Enterprise Linux Insights Proxy Openshift Rhel E4s Rhel Eus
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-12T12:02:31.938Z

Reserved: 2025-06-20T06:26:20.649Z

Link: CVE-2025-6395

cve-icon Vulnrichment

Updated: 2025-11-04T21:14:21.080Z

cve-icon NVD

Status : Deferred

Published: 2025-07-10T16:15:25.110

Modified: 2026-05-12T13:17:28.460

Link: CVE-2025-6395

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-10T07:56:53Z

Links: CVE-2025-6395 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T08:30:26Z

Weaknesses