CVE-2025-15467 OpenSSL Vulnerability Impact on EEM 12.7.0

Article ID: 431133

Products

AutoSys Workload Automation

Issue/Introduction

A critical vulnerability in OpenSSL versions 3.0-3.6, tracked as CVE-2025-15467, has been disclosed.
You need to determine if Embedded Entitlements Manager (EEM) and related workload automation tools are impacted.

ERROR MESSAGE: "None"

SYMPTOMS:

  • Rapid response required for OpenSSL vulnerability

  • Need to identify affected cryptographic message syntax (CMS) parsing

CONTEXT: Assessing security posture for CVE-2025-15467

IMPACT: Potential denial-of-service attack or arbitrary code execution against a vulnerable host

Environment

  • OS: Windows/Linux

  • Database: Not Applicable

  • App Server: Not Applicable

  • Product: AutoSys Workload Automation 24.x

  • Product: Embedded Entitlements Manager (EEM) 12.7.0

  • Component: CA Directory 14.1 SP06

Resolution

STEPS:

1. VERIFY IMPACT STATUS

Action: Note that EEM's igateway uses CAPKI 5.x and is not impacted by this vulnerability
Action: Note that Symantec Directory (CA Directory 14.1 SP06) used by EEM is vulnerable

EXPECTED: You understand the scope of the vulnerability impact

2. APPLY SECURITY ADVISORY PATCH

Action: Apply Security Advisory 37091 for the CA Directory component
Symantec Directory Security Advisory for CVE-2025-15467 - OpenSSL Stack buffer overflow

EXPECTED: CA Directory component is secured against CVE-2025-15467

VERIFY SUCCESS:

  • Patch applied successfully

  • EEM services are running normally

Additional Information

ROOT CAUSE: A recently disclosed critical vulnerability in OpenSSL versions 3.0-3.6 tracked as CVE-2025-15467 affects the Symantec Directory component

RELATED RESOURCES:

  • Security Advisory: 37091

  • Security Advisory: 36940

  • OpenSSL Vulnerability Library: CVE-2025-15467

KNOWN LIMITATIONS:

  • The fix provided in advisory 37091 is applicable only for 12.7.x versions of EEM

VERSION NOTES:

  • v12.7.x: Apply patch from advisory 37091
