CVE-2025-32989

EUVD-2025-20927

10.07.2025, 08:15

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Affected Products (NVD)

Vendor	Product	Version
gnu	gnutls	-
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
Siemens	SIMATIC S7-1500 CPU 1518-4 PN\/DP MFP	V3.1.5 ≤ 𝑥 < *	ADP
Siemens	SIMATIC S7-1500 CPU 1518-4 PN\/DP MFP	V3.1.5 ≤ 𝑥 < *	ADP
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP	V3.1.5 ≤ 𝑥 < *	ADP
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP	V3.1.5 ≤ 𝑥 < *	ADP
Siemens	SIPLUS S7-1500 CPU 1518-4 PN\/DP MFP	V3.1.5 ≤ 𝑥 < *	ADP

Debian Releases

Debian Product

Codename

gnutls28

bookworm	3.7.9-2+deb12u6 fixed
bookworm (security)	3.7.9-2+deb12u7 fixed
bullseye	3.7.1-5+deb11u5 fixed
bullseye (security)	3.7.1-5+deb11u10 fixed
forky	3.8.13-1 fixed
sid	3.8.13-1 fixed
trixie	3.8.9-3+deb13u3 fixed
trixie (security)	3.8.9-3+deb13u4 fixed

Ubuntu Releases

Ubuntu Product

Codename

gnutls28

bionic	not-affected
focal	not-affected
jammy	Fixed 3.7.3-4ubuntu1.7 released
noble	Fixed 3.8.3-1.1ubuntu3.4 released
oracular	ignored
plucky	Fixed 3.8.9-2ubuntu3.1 released
questing	Fixed 3.8.9-3ubuntu1 released
resolute	Fixed 3.8.9-3ubuntu1 released
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

gnutls

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed

gnutls-guile

suse enterprise server 15 SP5

3.7.3-150400.4.50.1

fixed

libgnutls-devel

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed

libgnutls30

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed

libgnutls30-32bit

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed

libgnutls30-hmac

suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed

libgnutls30-hmac-32bit

suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed

libgnutlsxx-devel

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed

libgnutlsxx28

suse enterprise server 15 SP4	3.7.3-150400.4.50.1 fixed
suse enterprise server 15 SP5	3.7.3-150400.4.50.1 fixed

libgnutlsxx30

suse enterprise desktop 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise desktop 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise sap 15 SP7	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP6	3.8.3-150600.4.9.1 fixed
suse enterprise server 15 SP7	3.8.3-150600.4.9.1 fixed