On 27 January 2026 the OpenSSL project published a security advisory for CVE-2025-11187, a moderate-severity vulnerability in how the library processes PKCS#12 files protected with PBMAC1. The flaw comes down to missing validation of PBKDF2 parameters during MAC (Message Authentication Code) verification, which can crash the application and cause a denial of service (DoS).
What the vulnerability is
PKCS#12 files (.p12 or .pfx extensions) are containers that usually store private keys, certificates and trust chains. They embed a MAC to protect their integrity. When that MAC is computed with PBMAC1 (a more modern scheme that derives the key with PBKDF2), OpenSSL failed to properly validate two parameters that the file itself controls:
- The PBKDF2 key length (keylength). If the declared value exceeds the 64-byte stack buffer reserved for the derivation, a stack buffer overflow occurs.
- The salt type. An invalid salt type leads to the use of an invalid pointer or a NULL pointer dereference.
In practice, what OpenSSL describes is a crash of the process that parses an untrusted PKCS#12 file.
Who is affected and severity
The affected branches are OpenSSL 3.6, 3.5 and 3.4. The problem only shows up when an application processes a malicious or crafted PKCS#12 file.
OpenSSL rated the flaw as moderate rather than high for a clear reason: PKCS#12 files almost always contain trusted private keys that the user or system generated or imported, so they rarely count as untrusted external input. The real risk sits with services that accept and parse PKCS#12 files supplied by third parties, such as certificate upload portals or automated import systems. There, an attacker could send a .p12 crafted to crash the service.
The advisory mentions the potential for a stack buffer overflow, but OpenSSL keeps the realistic impact at denial of service, with no confirmed code execution.
Mitigation and patches
The fix is already available in these versions, which you should upgrade to:
- OpenSSL 3.6.1
- OpenSSL 3.5.5
- OpenSSL 3.4.4
Linux distributions have been shipping their own fixed packages: Debian handled it in advisory DSA-6113-1 and Red Hat in RHSA-2026:1496. The sensible move is to apply the update through your distribution’s package manager (apt, dnf, etc.) instead of building OpenSSL by hand, since that also updates the linked binaries and base-system libraries.
Until the patch is in place, avoid processing PKCS#12 files of unknown origin and, in services that accept them, validate and isolate that input flow.
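One way to isolate that input flow is to parse each uploaded file in a short-lived child process, so that a parser crash costs only the child and is recorded as a rejected upload. This is an added example, not code from OpenSSL or the advisory; it assumes a POSIX host and a service that validates uploads with the `openssl` command-line tool, and the names `parse_isolated`, `CRASH_STANDIN` and `P12_PASS` are hypothetical.

```python
import os
import resource
import signal
import subprocess
import sys

# Assumption: uploads are validated with the system `openssl` CLI.
# -noout, -passin and -in are existing `openssl pkcs12` options.
OPENSSL_CMD = ["openssl", "pkcs12", "-noout", "-passin", "env:P12_PASS", "-in"]

# Constructed stand-in for a parser that crashes, so the demo runs without
# OpenSSL or any crafted file: the child simply sends itself SIGSEGV.
CRASH_STANDIN = [sys.executable, "-c",
                 "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]


def _limit_child():
    # No core dumps: a crashed parser may hold private-key material in memory.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def parse_isolated(path, password, cmd=OPENSSL_CMD, timeout=10):
    """Parse one uploaded PKCS#12 in a child process; return (verdict, detail)."""
    env = dict(os.environ, P12_PASS=password)  # keep the password off argv
    try:
        proc = subprocess.run(cmd + [path], env=env, stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=timeout,
                              preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return ("reject", "timeout")
    except OSError as exc:
        return ("reject", f"cannot start parser: {exc}")
    if proc.returncode < 0:
        # Negative return code on POSIX: the child died from a signal. Only the
        # child is lost; the service keeps running and can log and alert.
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = f"signal {-proc.returncode}"
        return ("crash", name)
    if proc.returncode != 0:
        return ("reject", "parser error")
    return ("accept", "")


if __name__ == "__main__":
    print(parse_isolated("upload.p12", "example", cmd=CRASH_STANDIN))
```

A "crash" verdict is worth alerting on separately from an ordinary "reject", since a well-formed but wrong-password file never kills the parser.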
Source
- OpenSSL Security Advisory (20260127): https://openssl-library.org/news/secadv/20260127.txt
- Vulnerability detail on NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11187