What is CVE-2025-49087?

CVE-2025-49087 is a medium-severity vulnerability in Mbed Mbedtls, classified under CWE-385. CVSS score: 4.0/10. Published 2025-07-20.

How severe is CVE-2025-49087?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Vulnerability in Mbed Mbedtls

CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N.

Affected products

Mbed Mbedtls — versions 3.6.1
Trustedfirmware Mbed_tls

Weakness classification (CWE)

CWE-385

References

cve@mitre.org (Vendor Advisory)
cve@mitre.org (Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2025-49087?: CVE-2025-49087 is a medium-severity vulnerability in Mbed Mbedtls, classified under CWE-385. CVSS score: 4.0/10. Published 2025-07-20.
How severe is CVE-2025-49087?: Medium severity. CVSS v3 base score is 4.0 out of 10.