QwikSec

Security Database

CVE

CWE

Training

CVE-2025-6395

Published: Jul 10, 2025

Modified: May 12, 2026

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

Vendor	Product	Versions
Unknown	libgnutls	affected `0 - < 3.8.10`
Red Hat	Red Hat Enterprise Linux 10	unaffected `0:3.8.9-9.el10_0.14 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_10.4 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:3.6.16-8.el8_10.4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.8.3-6.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:3.8.3-6.el9_6.2 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	unaffected `0:3.7.6-21.el9_2.4 - < *`
Red Hat	Red Hat Enterprise Linux 9.4 Extended Update Support	unaffected `0:3.8.3-4.el9_4.4 - < *`
Red Hat	Red Hat Ceph Storage 7	unaffected `sha256:4d2f9dc5b2b33ee1c77bbfabcbbb9f4d94d343b04c4de2e4f8b3b81a1f0fd2fe - < *`
Red Hat	Red Hat Discovery 2	unaffected `sha256:435ba9959b793d46a63a74c343bb8c3ff68350496afec12cc5e894dfc40b7648 - < *`
Red Hat	Red Hat Insights proxy 1.5	unaffected `sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

RHSA-2025:16115

vendor-advisory

x_refsource_REDHAT

RHSA-2025:16116

vendor-advisory

x_refsource_REDHAT

RHSA-2025:17181

vendor-advisory

x_refsource_REDHAT

RHSA-2025:17348

vendor-advisory

x_refsource_REDHAT

RHSA-2025:17361

vendor-advisory

x_refsource_REDHAT

RHSA-2025:17415

vendor-advisory

x_refsource_REDHAT

RHSA-2025:19088

vendor-advisory

x_refsource_REDHAT

RHSA-2025:22529

vendor-advisory

x_refsource_REDHAT

https://access.redhat.com/security/cve/CVE-2025-6395

vdb-entry

x_refsource_REDHAT

issue-tracking

x_refsource_REDHAT

https://gitlab.com/gnutls/gnutls/-/issues/1718

https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.