CVE-2025-27587

MEDIUM EPSS 28.1%

Published Jun 16, 20251y ago · Modified Jun 17, 20261w ago

5.3 CVSS 3.1

Medium

Published Jun 16, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

CVSS Details

Base Score

5.3

Exploitability

1.6

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

28.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-385

References 2

github.com https://github.com/openssl/openssl/issues/24253
minerva.crocs.fi.muni.cz https://minerva.crocs.fi.muni.cz

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.