
Security researchers from AISLE have identified 12 new security vulnerabilities in OpenSSL, the widely adopted open-source library that underpins encryption, authentication and secure communications across the internet. The vulnerabilities are addressed in a coordinated OpenSSL security release published today, with patches now available to users and downstream software maintainers. Users of vendor-packaged OpenSSL builds should also watch their distribution's own advisories, since distributions backport fixes on their own schedule.
According to its blog, AISLE had been searching OpenSSL for vulnerabilities since August 2025. Two of the 12 carry high and moderate severity ratings respectively:
- CVE-2025-15467: Stack Buffer Overflow in CMS AuthEnvelopedData Parsing (High): A vulnerability with the potential to enable remote code execution under specific conditions
- CVE-2025-11187: PBMAC1 Parameter Validation in PKCS#12 (Moderate): Missing validation that could trigger a stack-based buffer overflow
The OpenSSL library is mature and has a vigilant community, so finding a genuine security flaw in it is extraordinarily difficult, AISLE said in its blog. OpenSSL is downloaded more than 15 million times annually and is used by 95% of IT organizations worldwide, so discovering 12 vulnerabilities, plus six more issues that were not assigned a CVE designation, demonstrates the effectiveness of autonomous security systems, the company argued.
According to Tomáš Mráz, CTO of the OpenSSL Foundation, “One of the most important sources of the security of the OpenSSL Library and open source projects overall is independent research. This release is fixing 12 security issues, all disclosed to us by AISLE. We appreciate the high quality of the reports and their constructive collaboration with us throughout the remediation process.”
OpenSSL is embedded in operating systems, cloud platforms, enterprise applications, networking equipment and critical infrastructure, and is a foundational dependency for secure email, encrypted communications, authentication protocols and certificate handling, according to AISLE.
“These disclosures underscore the broader challenge facing the open-source software ecosystem: as software complexity grows and attack surfaces expand, even secure, mature and extensively reviewed codebases can harbor security flaws,” said Stanislav Fort, co-founder and chief scientist at AISLE. “Keeping pace with discovery, validation and remediation is increasingly difficult using traditional, manual approaches alone. AISLE’s research reflects how AI-driven, continuous analysis can augment human expertise and help uncover vulnerabilities that would otherwise remain hidden. All 12 vulnerabilities were discovered by AI and validated by our research team.”
AISLE says that by combining AI-native reasoning systems with responsible disclosure and direct collaboration with open-source maintainers, it can detect vulnerabilities and help get them fixed, in many cases before they are discovered in production environments.
