CVE-2025-62875

MEDIUM EPSS 5.0%
Published Nov 20, 20257mo ago · Modified Jun 17, 20261w ago
6.9 CVSS 4.0
Medium
Find Similar
Published Nov 20, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.

CVSS Details

Base Score
6.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
5.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-754

Affected Products 2

VendorProductVersionRange
opensmtpdopensmtpd7.7.0any
opensusetumbleweed* <7.8.0p0-1.1

References 4

  • openwall.com http://www.openwall.com/lists/oss-security/2025/10/31/3
    ExploitMailing ListThird Party Advisory
  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875
    Issue TrackingPatch
  • security.opensuse.org https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html
    ExploitThird Party Advisory
  • security.opensuse.org https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer
    ExploitThird Party Advisory

Remediation

  • bugzilla.suse.com https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875
    Issue TrackingPatch