CPA2026-051 – Remediation for OpenSSL Vulnerability Affecting IRIS XMailFetcher

March 23, 2026
Canon Inc.

Description:

IRIS, a Canon company, has identified that one of its products, IRIS XMailFetcher, utilizes a vulnerable version of OpenSSL in which a malicious user may supply a Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV). OpenSSL copies this IV into a fixed‑size stack buffer without validating its length, resulting in a stack buffer overflow. This vulnerability affects OpenSSL’s parsing of CMS AuthEnvelopedData and EnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES‑GCM.

The potential impacts of this vulnerability include:

  • Denial of Service (DoS) due to application crashes
  • Potential remote code execution, depending on platform mitigations
  • No valid key material required by the attacker, as the stack buffer overflow occurs before authentication
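
The missing length check described above, shown as an added illustration that is not OpenSSL or IRIS code: a minimal C routine that reads the nonce from DER-encoded AES-GCM parameters (`GCMParameters`, RFC 5084) and rejects any value larger than the destination buffer. `IV_BUF_LEN`, `der_header`, `gcm_params_get_iv` and the sample byte arrays are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define IV_BUF_LEN 16 /* assumed size of the fixed IV buffer (illustrative) */

/* Constructed samples: DER GCMParameters { aes-nonce OCTET STRING, ... }. */
static const unsigned char SAMPLE_OK[] = {        /* 12-byte nonce */
    0x30, 0x0e, 0x04, 0x0c, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
static const unsigned char SAMPLE_OVERSIZED[] = { /* 32-byte nonce */
    0x30, 0x22, 0x04, 0x20,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Parse one DER header with a short-form length. Valid parameters for a
 * nonce that fits the buffer never need the long form, so it is rejected.
 * Returns the header size (2), or 0 if malformed or the value overruns. */
static size_t der_header(const unsigned char *p, size_t avail,
                         unsigned char *tag, size_t *len)
{
    if (avail < 2 || p[1] >= 0x80) return 0;
    *tag = p[0];
    *len = p[1];
    return (*len <= avail - 2) ? 2 : 0;
}

/* Copy aes-nonce into a fixed buffer; returns its length or -1 if rejected. */
int gcm_params_get_iv(const unsigned char *der, size_t der_len,
                      unsigned char iv[IV_BUF_LEN])
{
    unsigned char tag;
    size_t len, hdr = der_header(der, der_len, &tag, &len);
    if (hdr == 0 || tag != 0x30) return -1;       /* outer SEQUENCE */
    der += hdr;
    der_len = len;
    hdr = der_header(der, der_len, &tag, &len);
    if (hdr == 0 || tag != 0x04) return -1;       /* OCTET STRING nonce */
    /* The length validation the description says was missing: without it,
     * the memcpy below would write past the end of iv[]. */
    if (len == 0 || len > IV_BUF_LEN) return -1;
    memcpy(iv, der + hdr, len);
    return (int)len;
}

int main(void)
{
    unsigned char iv[IV_BUF_LEN];
    printf("ok=%d oversized=%d\n",
           gcm_params_get_iv(SAMPLE_OK, sizeof SAMPLE_OK, iv),
           gcm_params_get_iv(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, iv));
    return 0;
}
```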

Affected Versions:

IRIS XMailFetcher: Version 5.0.29 and earlier.

Remediation / Mitigation:

IRIS has released IRIS XMailFetcher version 5.0.30, a security update that addresses this vulnerability (CVE‑2025‑15467).

This release includes no additional changes or new features and is focused solely on resolving this issue.

Canon recommends updating to version 5.0.30 as soon as possible. If you require assistance with the update, please contact our support team.

The fix is available under “download center” and the communication can be found under “Technical News” in the IRIS Partner Portal, under the headline: “IRIS XMailFetcher 5.0.30 – CVE‑2025‑15467 Fix”.

Please note that IRIS resolved this issue by releasing the version 5.0.30 update on 19 February 2026.

As of the date of this notice, there have been no reports of this vulnerability being exploited. However, to enhance product security, we recommend that customers install the latest IRIS XMailFetcher version 5.0.30.

CVE / CVSS:

CVE-2025-15467: A stack buffer overflow vulnerability in OpenSSL affecting the parsing of CMS AuthEnvelopedData and EnvelopedData messages. CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score: 9.3.
