Saved February 14, 2026
Do you care about this?
OpenSSL has released updates addressing 12 vulnerabilities, including a high-severity flaw that can lead to remote code execution. The issues, discovered by Aisle, are mostly memory-safety and parsing bugs that can cause denial of service or, in the worst cases, exploitation. The most severe ones affect the OpenSSL 3.0 through 3.6 release lines and sit in the CMS and PKCS#12 handling code.
If you do, here's more
OpenSSL has released security updates addressing 12 vulnerabilities, one of which allows remote code execution (RCE). Discovered by cybersecurity firm Aisle, the flaws are primarily memory-safety issues, parsing-robustness problems, and resource-handling errors. They include stack and heap overflows in PKCS#12 and CMS parsing; NULL pointer dereferences and type-confusion bugs across the ASN.1, PKCS#7, QUIC, and TimeStamp code; out-of-bounds writes in auxiliary APIs such as BIO filters; and a logic bug in the CLI signing tool's handling of large inputs. Their impact ranges from denial of service (DoS) to memory corruption that could be exploited.
The two most serious vulnerabilities are CVE-2025-15467 and CVE-2025-11187. CVE-2025-15467 is a stack buffer overflow during parsing of AuthEnvelopedData in OpenSSL's CMS/PKCS#7 implementation, which can lead to DoS or RCE; it affects OpenSSL 3.0 through 3.6. CVE-2025-11187 is a validation issue in PKCS#12: attacker-controlled PBKDF2 parameters are not properly checked, which can trigger a stack overflow during MAC verification. It affects OpenSSL 3.4 through 3.6 when untrusted PKCS#12 files are processed. Because both bugs are reached while parsing input, any application that passes attacker-supplied CMS/PKCS#7 structures or PKCS#12 files to an affected OpenSSL is exposed, not only TLS endpoints.
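For triage across a fleet, the first question is which hosts run an OpenSSL release line named in the advisory. The helper below is an added example for this article, not code from OpenSSL or Aisle: it parses `openssl version` output and maps it onto the two CVEs and release-line ranges stated above. The function names (`parse_openssl_version`, `affected_cves`, `triage`) and the sample host inventory are constructed for illustration. Note the caveat the page itself forces: it lists affected release lines (3.0 to 3.6, 3.4 to 3.6) but not the patched point releases, so a hit means "in scope, confirm the patch level against your distribution's fixed version", not "confirmed vulnerable".

```python
"""Map `openssl version` output onto the two headline CVEs from the advisory.

Added example; not OpenSSL's or Aisle's code. The release-line ranges come
from the article. Patched point releases within those lines are not given
on the page, so a match here only means the host is in scope for review.
"""
import re
import ssl

# (CVE, first affected (major, minor), last affected (major, minor), summary)
# Ranges are inclusive and taken from the article text.
ADVISORY = [
    ("CVE-2025-15467", (3, 0), (3, 6),
     "CMS/PKCS#7 AuthEnvelopedData parsing: stack buffer overflow (DoS/RCE)"),
    ("CVE-2025-11187", (3, 4), (3, 6),
     "PKCS#12 PBKDF2 parameter validation: stack overflow during MAC verification"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(text):
    """Extract (major, minor, patch) from strings such as
    'OpenSSL 3.4.2 5 Nov 2025' or a bare '3.0.15'. Returns None if absent.
    Pre-3.0 letter suffixes ('1.1.1w') are ignored; the numeric triple suffices
    because the advisory ranges are expressed per release line (major.minor)."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def affected_cves(version_text):
    """Return the CVE identifiers whose release-line range covers this version."""
    version = parse_openssl_version(version_text)
    if version is None:
        raise ValueError(f"no OpenSSL version found in {version_text!r}")
    line = version[:2]  # compare on major.minor only
    return [cve for cve, lo, hi, _ in ADVISORY if lo <= line <= hi]


def triage(inventory):
    """inventory: {hostname: output of `openssl version`}.
    Returns {hostname: [CVE, ...]} so unaffected hosts map to an empty list."""
    return {host: affected_cves(out) for host, out in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; the last entry is whatever libssl this
    # interpreter is linked against.
    sample = {
        "web-01": "OpenSSL 3.0.15 3 Sep 2024",
        "web-02": "OpenSSL 3.5.1 1 Jul 2025",
        "legacy-01": "OpenSSL 1.1.1w 11 Sep 2023",
        "this-host": ssl.OPENSSL_VERSION,
    }
    for host, cves in triage(sample).items():
        status = ", ".join(cves) if cves else "release line not listed in advisory"
        print(f"{host:10} {sample[host]:32} -> {status}")
```

Run it on the collected `openssl version` lines from your hosts; anything that comes back with a CVE list belongs on the patch queue, and the PKCS#12 hit in particular should prompt a review of where the host accepts `.p12`/`.pfx` files from outside the trust boundary.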
The remaining vulnerabilities in this update are rated low severity: they can cause DoS or integrity problems only in narrower contexts, such as the CLI tools and the legacy PKCS#7 code, and do not carry the same risk as the two high-severity flaws.