CVE-2025-6395

MEDIUM

GnuTLS - Memory Corruption

Title source: llm

STIX 2.1

Description

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

References (15)

Core 15

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:16115

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:16116

https://gitlab.com/gnutls/gnutls/-/issues/1718

Mailing List

https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/07/11/3

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17181

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17348

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17361

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:17415

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:19088

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:22529

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-6395

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2376755

https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

Vendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

Scores

CVSS v3 6.5

EPSS 0.0027

EPSS Percentile 50.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (13)

Red Hat/Red Hat Ceph Storage 7 sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe

Red Hat/Red Hat Ceph Storage 7 sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631

Red Hat/Red Hat Discovery 2 sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648

Red Hat/Red Hat Enterprise Linux 10 0:3.8.9-9.el10_0.14

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:3.6.16-8.el8_10.4

Red Hat/Red Hat Enterprise Linux 9 0:3.8.3-6.el9_6.2

Red Hat/Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions 0:3.7.6-21.el9_2.4

Red Hat/Red Hat Enterprise Linux 9.4 Extended Update Support 0:3.8.3-4.el9_4.4

... and 3 more

Published Jul 10, 2025

Tracked Since Feb 18, 2026