Critical OpenSSL Vulnerabilities: CRYPTO-BOX® Libraries Not Affected

The Smarx OS/CBIOS libraries, responsible for communication with the CRYPTO-BOX, utilize components from the open-source encryption library OpenSSL.

Recently, two critical vulnerabilities in the OpenSSL project were disclosed:

•     CVE-2025-15467
•     CVE-2025-9230

Great news is, that after a thorough analysis, we confirm that the libraries included in the Smarx OS Protection Kit (PPK) for the CRYPTO-BOX are not affected by these vulnerabilities. The impacted OpenSSL functions are neither used in our implementation nor exposed via our API or any application interfaces.

As a result, the vulnerable code paths in OpenSSL remain inactive within the CRYPTO-BOX libraries.

Ready to integrate CRYPTO-BOX with confidence? Contact us for any questions!