Vulnerability in N/a

CVE-2025-66442

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References