Vulnerabilities 2026

OpenSSL stack buffer overflow vulnerability (PDO23173)

First published: 05 February 2026 (restricted disclosure)

Last update: 06 February 2026

ID: PDO23173

Affected Components:

  • All Fabasoft Folio/eGov-Suite versions from 2023 up to and including 2026

Severity: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score: 9.8

Status: Open

CVEs: CVE-2025-15467

Summary

A security vulnerability has been identified in the third-party library OpenSSL and classified as CVE-2025-15467: maliciously crafted parameters can trigger a stack buffer overflow.

Under particular circumstances, an attacker may be able to exploit this vulnerability in Fabasoft Folio/eGov-Suite.

Impact

According to OpenSSL's information on this vulnerability, the stack buffer overflow may lead to a crash, causing Denial of Service, or potentially to remote code execution.

Remediation

The vulnerability can be remediated by installing a hotfix provided by Fabasoft.

Hotfix information

Fabasoft provides hotfixes for the following Fabasoft eGov-Suite versions. These can be downloaded directly if an embedded link has been provided in this list; otherwise, please contact Fabasoft 3rd Level Support:

  • Fabasoft Folio / eGov-Suite 2023 Update Rollup 3 (23.0.3.75)
  • Fabasoft Folio / eGov-Suite 2024 Update Rollup 3 (24.0.3.54)
  • Fabasoft Folio / eGov-Suite 2025 (25.0.0.319)
  • Fabasoft Folio / eGov-Suite 2025 Update Rollup 1 (25.0.1.55)
  • Fabasoft Folio / eGov-Suite 2025 Update Rollup 2 (25.0.2.38)
  • Fabasoft Folio / eGov-Suite 2026 (26.0.0.115)

The fix for this vulnerability is already included with the following and newer versions:

  • Fabasoft eGov-Suite 2026 April Release
  • Fabasoft Folio / eGov-Suite 2026 Update Rollup 1