CVE-2025-62875

Published: Nov 20, 2025Modified: Jan 15, 2026

6.9

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: meissner@suse.de (Secondary)

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.

Affected (2)

Products: Opensmtpd: Opensmtpd · Opensuse: Tumbleweed

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensmtpd Opensmtpd	Version 7.7.0 p0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Tumbleweed	Before 7.8.0p0-1.1

Related CWEs

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (4)

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62875

Source: meissner@suse.de

Issue TrackingPatch

https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html

Source: meissner@suse.de

ExploitThird Party Advisory

http://www.openwall.com/lists/oss-security/2025/10/31/3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://security.opensuse.org/2025/10/31/opensmtpd-local-DoS.html#reproducer

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.