| # OpenSSL Advisory: September 30th, 2025 (BoringSSL Not Affected) |
| |
| OpenSSL have published a [security advisory](https://openssl-library.org/news/secadv/20250930.txt). Here's how it affects BoringSSL: |
| |
| CVE | Summary | [Severity] in OpenSSL | Impact to BoringSSL |
| ----|---------|-----------------------|--------------------- |
| CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | Moderate | Not affected, impacted code was removed from BoringSSL in the initial fork |
| CVE-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM | Moderate | Not affected, issue was introduced after fork |
| CVE-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling | Low | Not affected, issue was introduced after fork |
| |
| [Severity]: https://openssl-library.org/policies/general/security-policy/index.html#issue-severity |