OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE:
This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by     measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private     key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted     nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via     statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also,     there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is     disputed because the OpenSSL security policy explicitly notes that any side channels which require same     physical system to be detected are outside of the threat model for the software. The timing signal is so     small that it is infeasible to be detected without having the attacking process running on the same     physical system. (CVE-2025-27587)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02236-1 advisory.

    - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366).

    - Backport mdless cms signing support [jsc#PED-12895]

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02042-1 advisory.

    - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA     (bsc#1243459).
    - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected.
    (bsc#1236599)
    - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1550-1 advisory.

    Security:

    - CVE-2025-27587: Timing side channel vulnerability in the P-384       implementation when used with ECDSA in the PPC architecture (bsc#1240366).
    - Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).

    FIPS:

    - Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326,     bsc#1231748).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
505127	Siemens SCALANCE and RUGGEDCOM Covert Timing Channel (CVE-2025-27587)	Tenable OT Security	Tenable.ot	medium
258880	Linux Distros Unpatched Vulnerability : CVE-2025-27587	Nessus	Misc.	medium
241508	SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2025:02236-1)	Nessus	SuSE Local Security Checks	medium
240596	SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2025:02042-1)	Nessus	SuSE Local Security Checks	medium
236791	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2025:1550-1)	Nessus	SuSE Local Security Checks	medium

Detections

Analytics

CVE-2025-27587

medium

Tenable Plugins

medium

medium

medium

medium

medium