Vulnerability CVE-2025-15467 OpenSSL 3.0-3.6 in Automation Analytics & Intelligence

Article ID: 430592


Products

Automation Analytics & Intelligence

Issue/Introduction

Automation Analytics and Intelligence may be flagged for a critical vulnerability in OpenSSL versions 3.0 to 3.6 tracked as CVE-2025-15467.
Customers need to know whether the application uses an affected OpenSSL version to parse untrusted Cryptographic Message Syntax (CMS) or PKCS#7 content with authenticated encryption with associated data (AEAD) ciphers.

ERROR MESSAGE: "CVE-2025-15467"

SYMPTOMS:

  • Security scans flag OpenSSL versions 3.0 to 3.6

  • Potential risk of denial-of-service attack or arbitrary code execution

CONTEXT: Security vulnerability assessment for OpenSSL CVE-2025-15467.

IMPACT: Administrators require confirmation on product impact and remediation steps.

Environment

Products:
Automation Analytics & Intelligence Integration (AAI) for Broadcom Automation Distributed (AutoSys, Automic) Product Release 24.X

Environment:

  • OS: Red Hat Linux

  • App Server: JBoss

Resolution

PREREQUISITES:

  • Administrator access to the host operating system

STEPS:

Step 1. VERIFY PRODUCT CONFIGURATION

AAI does not use OpenSSL within the product to parse Cryptographic Message Syntax (CMS) or PKCS#7 content with AEAD ciphers.

EXPECTED: No direct impact from this vulnerability on the AAI product.
NOTE: AAI bundles JBoss, which may internally load OpenSSL from the underlying native operating system.

Step 2. REVIEW JBOSS TLS/SSL IMPLEMENTATION

Verify that JBoss is configured to use the Java Secure Socket Extension (JSSE) as the default TLS/SSL implementation for communications, rather than OpenSSL.

EXPECTED: The current configuration does not use the OpenSSL option.

Step 3. APPLY OPERATING SYSTEM PATCHES

Apply the relevant operating system-level patches that address the reported OpenSSL vulnerability.

EXPECTED: The underlying native operating system is secured according to best practices.

VERIFY SUCCESS:

  • Security scans no longer flag CVE-2025-15467 on the host operating system.
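The three steps and the success check above can be scripted on the host. The following is an added example and is not part of the Broadcom article or the AAI product; it assumes RHEL-style rpm packaging, a JBoss/WildFly standalone.xml whose Elytron server-ssl-context would select OpenSSL through a providers="openssl" attribute (or by naming org.wildfly.openssl.OpenSSLProvider), and the affected range 3.0-3.6 stated in the article. The sample configuration fragments inside the script are constructed so it runs offline.

```shell
#!/usr/bin/env bash
# Added example, not from the Broadcom article. Host-side checks for the
# three remediation steps. Assumptions: rpm-based OS, JBoss/WildFly
# standalone.xml with Elytron providers="openssl" marking OpenSSL use,
# affected range 3.0-3.6 from the article.

# Step 3 helper: is an OpenSSL version string (e.g. "3.0.13") inside 3.0-3.6?
openssl_version_affected() {
  local ver="$1" major minor
  case "$ver" in *.*) ;; *) return 1 ;; esac      # need at least major.minor
  major="${ver%%.*}"
  minor="${ver#*.}"; minor="${minor%%.*}"
  case "$minor" in ''|*[!0-9]*) return 1 ;; esac  # non-numeric minor: not in range
  if [ "$major" = "3" ] && [ "$minor" -le 6 ]; then
    return 0
  fi
  return 1
}

# Step 2 helper: does the JBoss configuration select the OpenSSL TLS provider
# instead of the default JSSE? A JSSE-only config contains neither marker.
jboss_config_uses_openssl() {
  local cfg="$1"
  if grep -Eq 'providers="openssl"|org\.wildfly\.openssl\.OpenSSLProvider' "$cfg"; then
    return 0
  fi
  return 1
}

# Step 1 note check: has a running process (e.g. the JBoss JVM) mapped the
# OS-native libssl? Reads /proc/<pid>/maps; an unreadable pid yields 1.
process_has_libssl() {
  local pid="$1"
  if [ -r "/proc/$pid/maps" ] && grep -q 'libssl\.so' "/proc/$pid/maps"; then
    return 0
  fi
  return 1
}

# Combine the checks: prints one verdict line. Returns 0 = no action,
# 1 = patch the OS, 2 = patch the OS and move JBoss back to JSSE.
assess_host() {
  local ver="$1" cfg="$2"
  if ! openssl_version_affected "$ver"; then
    echo "OpenSSL $ver is outside 3.0-3.6: no action for this CVE"
    return 0
  fi
  if jboss_config_uses_openssl "$cfg"; then
    echo "OpenSSL $ver affected and JBoss selects the OpenSSL provider: apply OS patch and switch to JSSE"
    return 2
  fi
  echo "OpenSSL $ver affected, JBoss uses JSSE: apply OS patch, then re-run the scan"
  return 1
}

# Demo on constructed input so it runs offline. On a real host you would use
#   ver="$(rpm -q --qf '%{VERSION}' openssl)"
#   cfg=/path/to/jboss/standalone/configuration/standalone.xml
demo() {
  local jsse_cfg openssl_cfg
  jsse_cfg="$(mktemp)"; openssl_cfg="$(mktemp)"
  cat > "$jsse_cfg" <<'EOF'
<server-ssl-contexts>
  <server-ssl-context name="httpsSSC" key-manager="httpsKM"/>
</server-ssl-contexts>
EOF
  cat > "$openssl_cfg" <<'EOF'
<server-ssl-contexts>
  <server-ssl-context name="httpsSSC" key-manager="httpsKM" providers="openssl"/>
</server-ssl-contexts>
EOF
  assess_host "3.0.13" "$jsse_cfg" || true     # constructed: affected version, JSSE
  assess_host "3.2.2" "$openssl_cfg" || true   # constructed: affected version, OpenSSL
  assess_host "3.7.0" "$jsse_cfg" || true      # constructed: outside the range
  rm -f "$jsse_cfg" "$openssl_cfg"
}
demo
```

The version check deliberately keys only on major.minor, since that is the granularity the article gives; once the OS vendor's patched package is installed, the scan result in VERIFY SUCCESS is the authoritative confirmation, not this script.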

Additional Information:

ROOT CAUSE: The vulnerability exists in OpenSSL versions 3.0 to 3.6, which might be loaded internally by the underlying native operating system hosting the JBoss application server.

RELATED RESOURCES:

  • OpenSSL Vulnerability Library: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467

KNOWN LIMITATIONS:

  • The product does not directly use OpenSSL, so no application-level patch is provided.

VERSION NOTES:

  • Red Hat Linux: The vulnerability is specific to Red Hat Linux.

  • Windows: Windows environments are not impacted.