CVE-2025-9230, CVE-2025-9231, CVE-2025-9232 (OpenSSL)

[paolorechia-ba]

Hi, I hope this is the right place to report, as I'm new in this codebase.

The AWS Inspector scanner has picked some vulnerabilities in our application, which seems to affecting the latest v22 and v24 alpine Docker images.

It seems to be the OpenSSL bundled inside node.js. For instance, for the v22 image:

Vulnerability IDs:

https://nvd.nist.gov/vuln/detail/CVE-2025-9230
https://nvd.nist.gov/vuln/detail/CVE-2025-9231
https://nvd.nist.gov/vuln/detail/CVE-2025-9232

[RafaelGSS]

OpenSSL 3.5.4 has been released with Node.js 24.10.0.

For Node.js 22:

CVE-2025-9230: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CMS)

What's vulnerable: CMS (Cryptographic Message Syntax) password-based encryption functions, specifically CMS_decrypt() and CMS_decrypt_set1_password() functions

• These functions exist in the bundled OpenSSL dependency (deps/openssl)
• Node.js does NOT expose or use any CMS APIs in its crypto module
• No references to CMS_decrypt, PWRI, or related functions in Node.js source code (src/, lib/)

Therefore, I'm supposing this doesn't affect Node.js.

CVE-2025-9231: Timing side-channel in SM2 algorithm on 64 bit ARM

What's vulnerable: SM2 signature computations on 64-bit ARM platforms

• No references to SM2 algorithm in Node.js source code
• Node.js doesn't implement or expose SM2 functionality

CVE-2025-9232: Out-of-bounds read in HTTP client no_proxy handling

What's vulnerable: OpenSSL HTTP client API functions (OSSL_HTTP_*) used for OCSP and CMP protocols

• Node.js does NOT use OpenSSL's HTTP client implementation
• No references to OSSL_HTTP, OCSP_sendreq, or OCSP_REQ_CTX in Node.js source code

Node.js has its own HTTP implementation that doesn't rely on OpenSSL's HTTP client

---

This was my quick look to the codebase, but I'd like to hear from @nodejs/crypto before adding the "dont-believe-affect-nodejs" label.

[richardlau]

CVE-2025-9231: Timing side-channel in SM2 algorithm on 64 bit ARM

What's vulnerable: SM2 signature computations on 64-bit ARM platforms

• No references to SM2 algorithm in Node.js source code
• Node.js doesn't implement or expose SM2 functionality

On this one, https://openssl-library.org/news/secadv/20250930.txt says

OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, given that it is
possible to add support for such certificates via a custom provider, coupled
with the fact that in such a custom provider context the private key may be
recoverable via remote timing measurements, we consider this to be a Moderate
severity issue.

We don't provide Node.js APIs to load (or unload) custom providers but it is possible to do so via OpenSSL configuration file changes (which you can pick up via --openssl-config-file or OPENSSL_CONF environment variable). i.e. we're in a similar situation to OpenSSL in that it would be dependent on the presence of such a custom provider.

[mungojam]

The issue could be that a docker image might have other things added to it that would then use those vulnerable functions, so the presence of them in the official docker image could still be a (low) risk.

This is where chiseled containers can help

[allie47]

Just to check and have it explicitly listed for all LTS versions - the assessment above for v22 would also apply to latest security release of v20 (20.19.5), correct? (which also has applicable openssl version as far as I know)

[marco-ippolito]

Just to check and have it explicitly listed for all LTS versions - the assessment above for v22 would also apply to latest security release of v20 (20.19.5), correct? (which also has applicable openssl version as far as I know)

Yes it does not apply to Node.js v20