CVE-2025-32990
CVE Details
Visit the official vulnerability details page for CVE-2025-32990 to learn more.
Initial Publication
07/12/2025
Last Update
09/17/2025
Third Party Dependency
libgnutls30
NIST CVE Summary
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
CVE Severity
Our Official Summary
This is a heap-buffer-overflow (off-by-one) vulnerability in the GnuTLS software, specifically in the template parsing logic within the certtool utility. When the utility reads certain settings from a malformed template file, it allows an attacker to cause an out-of-bounds NULL pointer write, resulting in memory corruption and denial-of-service conditions that could potentially crash the affected system.
The vulnerability affects multiple third-party components used across both VerteX and Palette products. However, successful exploitation requires an attacker to provide specifically crafted template files to the GnuTLS certtool utility, which is typically used for certificate generation and management operations that are not directly exposed to external attackers in containerized environments.
The risk of exploitation is considered low to medium, as it requires an attacker to have the ability to supply malicious template files to the certtool utility, which is primarily used for administrative certificate operations rather than runtime processing of untrusted data. The impact if compromised is considered medium, as it could result in denial of service through application crashes and potential memory corruption.
Upstream patches addressing this issue will be adopted as they become available.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.16 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|---|
| 09/17/2025 | Status changed from Open to Ongoing |
| 09/17/2025 | Official summary added |
| 08/16/2025 | Advisory severity revised to HIGH from MEDIUM |