2372320 – (CVE-2025-22874) CVE-2025-22874 crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509

Bug 2372320 (CVE-2025-22874) - CVE-2025-22874 crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509

Summary: CVE-2025-22874 crypto/x509: Usage of ExtKeyUsageAny disables policy validatio...

Keywords:
Status:	NEW
Alias:	CVE-2025-22874
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2381592 2381593
Blocks:
TreeView+	depends on / blocked

Reported:	2025-06-11 17:01 UTC by OSIDB Bzimport
Modified:	2026-05-12 10:53 UTC (History)
CC List:	172 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-06-11 17:01:11 UTC

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Note You need to log in before you can comment on or make changes to this bug.

aaguirre
aasthana
aazores
abarbaro
abrianik
adistefa
akostadi
alazarot
alcohan
alizardo
amasferr
amctagga
anjoseph
anpicker
ansmith
anthomas
aoconnor
aparedes
asatyam
bbrownin
bdettelb
bniver
brainfor
ckandaga
cmah
crizzo
david.sastre
ddahlem
dhanak
diagrawa
dmayorov
doconnor
drosa
dsimansk
dymurray
eaguilar
ebaron
eborisov
eglynn
ehelms
ehernand
fdeutsch
flucifre
fspolti
ggainey
ggrzybek
gmeno
gparvin
gryan
gzaronik
haoli
hasun
hdefazio
hkataria
hnalla
hukhan
ibolton
jajackso
jburrell
jcammara
jcantril
jchui
jeder
jfula
jhe
jjoyce
jkoehler
jlledo
jmatthew
jmitchel
jmontleo
jneedle
jolong
jowilson
jprabhak
jschluet
juwatts
jwendell
kegrant
kingland
koliveir
kshier
ktsao
kverlaen
lball
lchilton
lgamliel
lhh
lphiri
lsharar
lsvaty
lucarval
lwan
mabashia
manissin
matzew
mbenjamin
mbocek
mburns
mgarciac
mhackett
mhulan
mjahangi
mmakovy
mnovotny
mprahl
mrunge
mwringe
nboldt
ngough
njean
nmoumoul
nyancey
oaljalju
ometelka
oramraz
osousa
owatkins
pahickey
pamccart
paoconno
parichar
pbraun
pcreech
peholase
periklis
pgaikwad
pgrist
pjindal
psrna
ptisnovs
pvasanth
rcardoso
rcernich
rchan
rfreiman
rhaigner
rhel-process-autobot
rjohnson
rojacob
sabiswas
sakbas
sausingh
sdawley
sfeifer
shvarugh
simaishi
slucidi
smallamp
smcdonal
smullick
sostapov
sseago
stcannon
stirabos
syedriko
szaher
tasato
teagle
tfister
thason
thavo
tjochec
tzivkovi
vereddy
veshanka
vimartin
watson-tool-maintainers
whayutin
wtam
xdharmai
yguenane