CVE-2024-12797 is a vulnerability in OpenSSL packages distributed with Red Hat Enterprise Linux 10, classified under CWE-295, which generally relates to improper certificate validation or authentication issues. Red Hat Product Security released a bug fix advisory RHBA-2025:6314 that includes an updated OpenSSL package (version 3.2.2-16.el10) addressing this and other related bugs. The advisory covers multiple architectures and extended support versions of RHEL 10. The update also fixes issues such as segmentation faults and provider behavior in OpenSSL. Detailed release notes and update instructions are provided by Red Hat. No public exploits have been reported, and the vendor recommends applying the update promptly.

The vulnerability affects OpenSSL in Red Hat Enterprise Linux 10 and may impact the security of cryptographic operations, potentially leading to authentication or certificate validation issues as indicated by CWE-295. While no known exploits are reported in the wild, the high severity rating suggests a significant risk if left unpatched. The update also resolves other stability and functionality issues in OpenSSL, improving overall security and reliability.

Red Hat has released an official bug fix update for OpenSSL in Red Hat Enterprise Linux 10, available through advisory RHBA-2025:6314. Users should apply this update following the instructions in the Red Hat article https://access.redhat.com/articles/11258 to remediate the vulnerability. Since this is an official fix, applying the update is the recommended mitigation. There is no indication that no action is required or that the issue is already mitigated without the update.