6.5 CVE-2025-9231
Enriched by CISA
Issue summary: A timing side-channel which could potentially allow remote
recovery of the private key exists in the SM2 algorithm implementation on 64 bit
ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on 64 bit
ARM platforms could allow recovering the private key by an attacker..
While remote key recovery over a network was not attempted by the reporter,
timing measurements revealed a timing signal which may allow such an attack.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, given that it is
possible to add support for such certificates via a custom provider, coupled
with the fact that in such a custom provider context the private key may be
recoverable via remote timing measurements, we consider this to be a Moderate
severity issue.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as SM2 is not an approved algorithm.
https://nvd.nist.gov/vuln/detail/CVE-2025-9231
Categories
CWE-385 : Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. Whenever possible, specify implementation strategies that do not introduce time variances in operations. Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker. It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application.
References
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
| https://cert-portal.siemens.com/productcert/html/ssa-032379.html |
| https://cert-portal.siemens.com/productcert/html/ssa-089022.html |
| https://cert-portal.siemens.com/productcert/html/ssa-253495.html |
af854a3a-2127-422b-91ae-364da2661108
| http://www.openwall.com/lists/oss-security/2025/09/30/5 |
| http://www.openwall.com/lists/oss-security/2026/05/11/11 |
openssl-security@openssl.org
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL |
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. | ||
CPE
| cpe | start | end |
|---|
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| 462 | Cross-Domain Search Timing |
Medium |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
