Vulnerability - CVE-2025-6395

Name

CVE-2025-6395

Source

NVD ( link)Debian ( link)

Description

A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().

CWEs

CWE-476

Published Date

Jul 10, 2025

Updated Date

Jun 17, 2026

Workaround

Advisories

Analysis#

Affected Component

Analysis

gnutls

Patched

Vulnerability Ratings#

6.5

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

gnutls

buildroot

2025.02.x

3.8.13

Not Affected

gnutls

buildroot

master

3.8.13

Not Affected

gnutls

openwrt

master

3.8.10-r1

Not Affected

gnutls

openwrt

openwrt-25.12

3.8.10-r1

Not Affected

gnutls

yocto

kirkstone

3.7.4

Patched

gnutls

yocto

master

3.8.13

Not Affected

Resolved with patches#

gnutls (yocto:kirkstone)

Title

Author

Resolve

handshake: clear HSK_PSK_SELECTED is when resetting

Daiki Ueno <ueno@gnu.org>

CVE-2025-6395

gnutls (yocto:scarthgap)

Title

Author

Resolve

handshake: clear HSK_PSK_SELECTED is when resetting

Daiki Ueno <ueno@gnu.org>

CVE-2025-6395