Home > Vulnerability Database > CVE-2025-32989

Mend.io Vulnerability Database

CVE-2025-32989

Good to know:

Date: July 10, 2025

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.

Severity Score

5.3

Related Resources (9)

Url: https://access.redhat.com/errata/RHSA-2025:16115

Url: https://access.redhat.com/errata/RHSA-2025:16116

Url: https://access.redhat.com/errata/RHSA-2025:17348

Url: https://access.redhat.com/errata/RHSA-2025:17361

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2359621

Url: https://access.redhat.com/errata/RHSA-2025:19088

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32989

Url: https://access.redhat.com/security/cve/CVE-2025-32989

Url: https://www.mend.io/vulnerability-database/CVE-2025-32989

Severity Score

5.3

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version https://gitlab.com/gnutls/gnutls.git - 3.8.10

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32989

Good to know:

Date: July 10, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?