CVE-2025-9230 - An application trying to decrypt CMS (Cryptographic Message Syntax) messages encrypted using password based encryption can trigger an out-of-bounds read and write?

Article ID: 415426

Products

SITEMINDER
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.

Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code.

Environment

Component: CA Access Gateway (Secure Proxy Server)
Release: 12.8.xx.xx and 12.9 (Applicable to all the supported releases)

Cause

CVE-2025-9230 (Moderate): This CVE specifically impacts CMS (Cryptographic Message Syntax). CMS features include secure email (S/MIME) and CMS-wrapped content encrypted with a password.

Resolution

The area impacted by this CVE is CMS (Cryptographic Message Syntax) used with password-based encryption.

Other areas (HTTPS, TLS/SSL, FIPS modules) are not impacted.

In SiteMinder we don't use CMS with password-based encryption. This CVE has no impact on any of the SiteMinder components.
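To check whether a given CMS message actually uses password-based encryption, the following added example (not Broadcom or OpenSSL code) walks a DER-encoded EnvelopedData or AuthEnvelopedData and reports whether its recipientInfos contain a PasswordRecipientInfo, the `pwri [3]` alternative defined in RFC 5652. It assumes definite-length DER input; the function names and the two sample messages are constructed for illustration.

```python
# Added example, not vendor code. SAMPLE_* are constructed skeleton messages
# (placeholder bodies, no real ciphertext); all names here are hypothetical.
SAMPLE_PWRI = bytes.fromhex("301b06092a864886f70d010703a00e300c0201033105a3030201003000")
SAMPLE_KTRI = bytes.fromhex("301b06092a864886f70d010703a00e300c020100310530030201003000")
ENVELOPED_OIDS = {  # id-envelopedData, id-ct-authEnvelopedData
    bytes.fromhex("2a864886f70d010703"), bytes.fromhex("2a864886f70d0109100117"),
}
PWRI_TAG = 0xA3  # RecipientInfo CHOICE alternative pwri [3] (RFC 5652)

def read_tlv(buf, pos, end):
    """Parse one definite-length element: (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise ValueError("indefinite length (BER) is not handled")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if pos + n > end:
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("length exceeds enclosing element")
    return tag, pos, pos + length

def children(buf, start, end):
    out = []
    while start < end:
        out.append(read_tlv(buf, start, end))
        start = out[-1][2]
    return out

def has_password_recipient(der):
    tag, vs, ve = read_tlv(der, 0, len(der))
    top = children(der, vs, ve)
    if tag != 0x30 or len(top) < 2 or top[0][0] != 0x06 or top[1][0] != 0xA0:
        raise ValueError("not a CMS ContentInfo")
    if der[top[0][1]:top[0][2]] not in ENVELOPED_OIDS:
        return False  # e.g. SignedData has no RecipientInfos
    body = children(der, top[1][1], top[1][2])  # [0] EXPLICIT wrapper
    if not body or body[0][0] != 0x30:
        raise ValueError("malformed enveloped content")
    sets = [f for f in children(der, body[0][1], body[0][2]) if f[0] == 0x31]
    if not sets:  # the first SET at this level is recipientInfos
        raise ValueError("recipientInfos missing")
    return any(t == PWRI_TAG for t, _, _ in children(der, sets[0][1], sets[0][2]))
```

Messages that use BER indefinite-length encoding, which streaming S/MIME producers can emit, are rejected with `ValueError` rather than classified.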

Additional Information

For more detailed information about this CVE, see the links below.

CVE-2025-9230 Detail

CVE-2025-9230