cve 2025 32990

About this tag
CVE-2025-32990 is a heap-buffer-overflow vulnerability in GnuTLS's certtool template-parsing code. Microsoft mapped this CVE to its Azure Linux product family, confirming that Azure Linux ships the affected library. However, the Microsoft Security Response Center (MSRC) page's product-scoped attestation does not guarantee that other Microsoft images, containers, or build artifacts are free of the vulnerable GnuTLS code. The defect resides in the widely used TLS/X.509 library GnuTLS, which provides certtool for certificate creation and parsing. Discussions on WindowsForum clarify the scope of Microsoft's disclosure and the broader implications for systems using GnuTLS.
  1. GnuTLS CVE-2025-32990: Azure Linux Attestation and Microsoft Footprint

    GnuTLS’s certtool template-parsing bug tracked as CVE-2025-32990 is real and was mapped by Microsoft to its Azure Linux product family — but the simple sentence on the MSRC CVE page does not mean Azure Linux is the only Microsoft artifact that can contain GnuTLS. Microsoft’s wording is a...