CVE-2025-32989

Gnutls: vulnerability in gnutls sct extension parsing

Description

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

INFO

Published Date :

2025-07-10T08:05:26.307Z

Last Modified :

2026-04-14T10:04:57.602Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2025-32989 vulnerability.

Vendors	Products
Gnu	Gnutls
Redhat	Ceph Storage Discovery Enterprise Linux Hummingbird Insights Proxy Openshift Openshift Container Platform Rhel E4s Rhel Eus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32989.

URL	Resource
http://www.openwall.com/lists/oss-security/2025/07/11/3
https://access.redhat.com/errata/RHSA-2025:16115
https://access.redhat.com/errata/RHSA-2025:16116
https://access.redhat.com/errata/RHSA-2025:17181
https://access.redhat.com/errata/RHSA-2025:17348
https://access.redhat.com/errata/RHSA-2025:17361
https://access.redhat.com/errata/RHSA-2025:19088
https://access.redhat.com/errata/RHSA-2025:22529
https://access.redhat.com/security/cve/CVE-2025-32989
https://bugzilla.redhat.com/show_bug.cgi?id=2359621
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html
https://nvd.nist.gov/vuln/detail/CVE-2025-32989
https://www.cve.org/CVERecord?id=CVE-2025-32989

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact