Summary
The OpenSSL project has published a security advisory for CVE-2025-15467, describing a vulnerability affecting certain implementations that rely on the OpenSSL cryptographic library.
This advisory has prompted questions from customers regarding potential exposure within Riva Cloud services.
After review, Riva Cloud is not impacted by this vulnerability.
Riva Cloud Impact and Response
The CVE-2025-15467 vulnerability applies only to software that directly uses affected versions of the OpenSSL library.
Riva Cloud and its related services do not use OpenSSL for cryptographic operations. As a result:
Riva Cloud Sync, Web, and Insight services are not affected
No customer data is exposed
No mitigation or action is required within Riva Cloud environments
In addition, third-party services used by Riva Cloud for supporting functions (such as billing and payment processing) have been reviewed and are also not impacted by this vulnerability.
Riva continuously monitors upstream security advisories and validates their applicability against our architecture and dependencies as part of our standard security review process.
Conclusion
Riva Cloud customers are not impacted by CVE-2025-15467. This vulnerability does not apply to Riva Cloud. No remediation or configuration changes are required.
Additional Information
Customers who manage their own infrastructure, applications, CRM platforms, or email services that rely on OpenSSL should review the advisory and apply updates or mitigations as recommended by OpenSSL.
Official OpenSSL vulnerability details can be found here: https://openssl-library.org/news/vulnerabilities/index.html#CVE-2025-15467
At Riva, we are committed to providing enterprise-grade security and transparent communication around potential risks.
If you have additional security questions or would like to discuss this advisory in more detail, please contact the Technical Support Team, and we will be happy to assist.