CVE-2025-32988 | Gnutls: vulnerability in gnutls othername san export

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Published: 2025-07-10
Last update: 2026-06-17
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2025-32988 is rated Moderate Risk (49.2/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.19%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-32988

EPSS summary: the daily EPSS score estimates the relative likelihood that this CVE is exploited in the wild; the percentile ranks it among all scored vulnerabilities (a higher percentile means a higher relative rank).

# | Date | Old EPSS score | New EPSS score | Delta (New - Old)
1 | 2026-06-15 | 0.23% | 1.19% | +0.96%
2 | 2026-05-06 | 0.05% | 0.23% | +0.17%
3 | 2026-03-27 | 0.05% | | 

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-32988

CVSS metrics for this CVE.

Base score | Version | Severity | Vector | Exploitability | Impact | Score source
6.5 | 3.1 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H | 2.2 | 4.2 | [email protected]
8.2 | 3.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | 3.9 | 4.2 | [email protected]

The two vectors differ only in the attack-complexity metric (AC:H versus AC:L); that single metric accounts for the difference in exploitability sub-score (2.2 versus 3.9) and base score (6.5 versus 8.2).

Metric breakdown:
Attack vector (AV:N): could be attacked over the internet or any normally routed network, not just by someone sitting at the machine.
Attack complexity (AC:H, first vector): even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Attack complexity (AC:L, second vector): once they can reach the bug, pulling it off is straightforward, with no weird race conditions or rare setup.
Privileges required (PR:N): no account or special rights needed; an anonymous or random user is enough.
User interaction (UI:N): nobody has to click "OK" or open a trap file; it can work without a victim helping.
Scope (S:U): damage stays in the same "trust bubble" as the broken component, with no big spill into unrelated systems.
Confidentiality (C:N): does not really leak secrets in a meaningful way.
Integrity (I:L): attackers could change some data, but it is limited; not everything goes.
Availability (A:H): could take the service down hard or make it unusable for people who depend on it.

Weakness enumeration for CVE-2025-32988

GitHub Security Advisory for CVE-2025-32988

GHSA-fv5h-vqpf-6fqj · Severity: medium — A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect...

OS Trackers for CVE-2025-32988

Vendor | Priority | Summary | Link
alpine | | CVE-2025-32988: 1 source package row (gnutls); 58 state rows across 6 repos (3.19-main, 3.20-main, 3.21-main, 3.22-main, 3.23-main, edge-main); fixed 5, open 53. | https://security.alpinelinux.org/vuln/CVE-2025-32988
debian | not yet assigned | CVE-2025-32988, priority not yet assigned: Debian, 1 source package (gnutls28), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. | https://security-tracker.debian.org/tracker/CVE-2025-32988
gentoo | high | CVE-2025-32988: 1 GLSA (202509-08), 1 atom (net-libs/gnutls); latest impact high. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2025-32988
redhat | medium | | https://access.redhat.com/security/cve/CVE-2025-32988
suse | high | CVE-2025-32988, severity important: SUSE, 308 source package names (0.23.1-11.31:libgnutls30-3.8.3-150600.4.9.1, 0.3.2-1.2:libgnutls30-3.8.3-150600.4.9.1, …), 781 product×package rows across 306 product lines (Container bci/kiwi, Container bci/spack, …): Fixed 535, Known Affected 226, Known Not Affected 20. | https://www.suse.com/security/cve/CVE-2025-32988/
ubuntu | medium | CVE-2025-32988, medium priority: Ubuntu, 1 source package (gnutls28), 9 status rows across 9 suites (bionic, focal, jammy, noble, oracular, plucky, questing, upstream, xenial): released 7, ignored 1, not-affected 1. | https://ubuntu.com/security/CVE-2025-32988

Affected software / configurations for CVE-2025-32988

Vendor | Product | Version | Raw CPE
gnu | gnutls | < 3.8.10 | cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*
redhat | openshift_container_platform | 4.0 | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 6.0 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 7.0 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
redhat | enterprise_linux | 10.0 | cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

References for CVE-2025-32988

URL | Tags
https://access.redhat.com/errata/RHSA-2025:16115 | 
https://access.redhat.com/errata/RHSA-2025:16116 | 
https://access.redhat.com/errata/RHSA-2025:17181 | 
https://access.redhat.com/errata/RHSA-2025:17348 | 
https://access.redhat.com/errata/RHSA-2025:17361 | 
https://access.redhat.com/errata/RHSA-2025:17415 | 
https://access.redhat.com/errata/RHSA-2025:19088 | 
https://access.redhat.com/errata/RHSA-2025:22529 | 
https://access.redhat.com/errata/RHSA-2026:7477 | 
https://access.redhat.com/security/cve/CVE-2025-32988 | Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359622 | Issue Tracking
https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html | 
http://www.openwall.com/lists/oss-security/2025/07/11/3 | 
https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html | 
https://cert-portal.siemens.com/productcert/html/ssa-082556.html | 
cvelogic Threat Intelligence