Query regarding impact of CVE-2025-69420 and CVE-2025-69421 on Messaging Gateway

Article ID: 432365

Updated On:

Products

Messaging Gateway

Issue/Introduction

Is Messaging Gateway affected by OpenSSL vulnerabilities, specifically CVE-2025-69420 and CVE-2025-69421?


Resolution

Messaging Gateway is not impacted by the vulnerabilities described in CVE-2025-69420 and CVE-2025-69421:

CVE-2025-69420

  • Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity.
  • This issue is specific to the interactions between a Time Stamp Server (TSA) and a client (refer to the RFC for more details).
  • It does not involve encrypted traffic, such as the timestamp that is included in network traffic packets.
  • SMG does NOT implement or use any RFC 3161 applications or interfaces and is therefore not vulnerable to this issue.


CVE-2025-69421

  • Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to Security Policy.
  • SMG does NOT use OpenSSL to import or export certificates and is therefore NOT vulnerable to this issue.



Additional Information

CVE-2025-69420
CVE-2025-69421