CVE-2025-15467 has been published on Jan 27th, 2026.

Summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.

Details: https://www.cve.org/CVERecord?id=CVE-2025-15467

Edge SWG version 7.3 and 7.4,

Edge SWG version 7.3 is not vulnerable to CVE-2025-15467 as it uses OpenSSL ver. 1.1.1.

However, Edge SWG version 7.4 is vulnerable. The patch for this vulnerability has been integrated in version 7.4.14+ so please consider an upgrade in case of any security concern.