CVE-2025-9232
Publication date 30 September 2025
Last updated 30 September 2025
Ubuntu priority
Description
Out-of-bounds read in HTTP client no_proxy handling
Why is this CVE low priority?
OpenSSL developers have rated this as being a low severity issue
Status
Package | Ubuntu Release | Status |
---|---|---|
openssl | 25.04 plucky | Fixed 3.4.1-1ubuntu4 |
openssl | 24.04 LTS noble | Not affected |
openssl | 22.04 LTS jammy | Not affected |
openssl | 20.04 LTS focal | Not affected |
openssl | 18.04 LTS bionic | Not affected |
openssl | 16.04 LTS xenial | Not affected |
openssl | 14.04 LTS trusty | Not affected |
openssl1.0 | 25.04 plucky | Not in release |
openssl1.0 | 24.04 LTS noble | Not in release |
openssl1.0 | 22.04 LTS jammy | Not in release |
openssl1.0 | 18.04 LTS bionic | Not affected |
nodejs | 25.04 plucky | Not affected |
nodejs | 24.04 LTS noble | Not affected |
nodejs | 22.04 LTS jammy | Vulnerable |
nodejs | 20.04 LTS focal | Not affected |
nodejs | 18.04 LTS bionic | Needs evaluation |
nodejs | 16.04 LTS xenial | Needs evaluation |
nodejs | 14.04 LTS trusty | Not affected |
edk2 | 25.04 plucky | Needs evaluation |
edk2 | 24.04 LTS noble | Needs evaluation |
edk2 | 22.04 LTS jammy | Needs evaluation |
edk2 | 20.04 LTS focal | Needs evaluation |
edk2 | 18.04 LTS bionic | Needs evaluation |
edk2 | 16.04 LTS xenial | Needs evaluation |
Notes
mdeslaur
only affects 3.5, 3.4, 3.3, 3.2 and 3.0
introduced by: https://github.com/openssl/openssl/commit/b59b74fd07ed541df9d555dc62ca6dd3ac97365b
Older 3.0.x in noble and earlier don't contain the vulnerable commit.
References
Related Ubuntu Security Notices (USN)
- USN-7786-1: OpenSSL vulnerabilities (30 September 2025)