CVE-2025-32990
Published: 10 July 2025
Summary
CVE-2025-32990 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Red Hat Enterprise Linux. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 47.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap buffer overflow in certtool enables remote application exploitation resulting in memory corruption and DoS crash.
NVD Description
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Deeper analysis
CVE-2025-32990 is a heap-buffer-overflow vulnerability stemming from an off-by-one error in the GnuTLS software library, specifically within the template parsing logic of the certtool utility. This flaw occurs when certtool processes certain settings from a template file, enabling an out-of-bounds NULL pointer write that leads to memory corruption. The issue is classified under CWE-122 (Heap-based Buffer Overflow) and carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L), indicating medium severity with network accessibility, low attack complexity, and no requirements for privileges or user interaction.
An unauthenticated attacker can exploit this vulnerability remotely by supplying a maliciously crafted template file to a system running vulnerable versions of certtool. Successful exploitation triggers memory corruption, resulting in a denial-of-service condition that could crash the affected system. While the impact is limited to low integrity and availability disruption with no confidentiality loss, the lack of privileges needed makes it accessible to remote adversaries targeting GnuTLS deployments.
Red Hat has addressed this vulnerability through multiple errata releases, including RHSA-2025:16115, RHSA-2025:16116, RHSA-2025:17181, RHSA-2025:17348, and RHSA-2025:17361, which provide updated packages for affected Red Hat products using GnuTLS. Security practitioners should apply these patches promptly to mitigate the risk of exploitation.
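The off-by-one NULL write described above belongs to a common bug class: a fixed-size pointer array is filled to capacity and the NULL terminator is then stored one element past its end. The C sketch below is an added example of that class beside a bounded form, not GnuTLS or certtool code; `MAX_ENTRIES`, the function names and the guard slot that stands in for adjacent heap memory are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_ENTRIES 4                      /* hypothetical capacity, not GnuTLS's value */
static char guard_obj;
#define GUARD ((const char *)&guard_obj)   /* stands in for the neighbouring heap data */

typedef size_t (*fill_fn)(const char **, size_t, const char *const *, size_t);

/* Buggy pattern: copies up to cap values, then terminates at out[n].
 * When the input fills the array, n == cap and the NULL lands at out[cap]. */
static size_t fill_off_by_one(const char **out, size_t cap,
                              const char *const *vals, size_t nvals)
{
    size_t n = 0;
    while (n < cap && n < nvals) { out[n] = vals[n]; n++; }
    out[n] = NULL;
    return n;
}

/* Bounded pattern: one slot is reserved for the terminator, so the
 * write index never exceeds cap - 1 and extra input is dropped. */
static size_t fill_bounded(const char **out, size_t cap,
                           const char *const *vals, size_t nvals)
{
    size_t n = 0;
    if (cap == 0) return 0;
    while (n + 1 < cap && n < nvals) { out[n] = vals[n]; n++; }
    out[n] = NULL;
    return n;
}

/* Runs a filler over a MAX_ENTRIES array followed by a guard slot (so the
 * stray write stays inside the demo buffer); returns 1 if the guard changed. */
static int guard_clobbered(fill_fn fill, size_t nvals)
{
    static const char *const vals[] = { "a", "b", "c", "d", "e", "f" }; /* constructed input */
    const char *buf[MAX_ENTRIES + 1];
    buf[MAX_ENTRIES] = GUARD;
    fill(buf, MAX_ENTRIES, vals, nvals);
    return buf[MAX_ENTRIES] != GUARD;
}

int main(void)
{
    printf("off-by-one, 3 values: %d\n", guard_clobbered(fill_off_by_one, 3));
    printf("off-by-one, 4 values: %d\n", guard_clobbered(fill_off_by_one, 4));
    printf("bounded,    6 values: %d\n", guard_clobbered(fill_bounded, 6));
    return 0;
}
```

The stray write only happens once the input reaches the array's capacity, which is why shorter inputs pass testing; building with AddressSanitizer and feeding inputs at exactly the capacity boundary is a reliable way to catch this class during review.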
Details
- CWE(s)