Mbed Mbedtls
9 CVEs affecting Mbed Mbedtls. Latest disclosed: 2025-07-20. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47917 | High | 8.9 | 2025-07-20 | Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedt… |
| CVE-2025-52496 | High | 7.8 | 2025-07-04 | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a mul… |
| CVE-2025-27810 | Medium | 5.4 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS… |
| CVE-2025-27809 | Medium | 5.4 | 2025-03-25 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client… |
| CVE-2025-49600 | Medium | 4.9 | 2025-07-04 | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leigh… |
| CVE-2025-49601 | Medium | 4.8 | 2025-07-04 | In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a… |
| CVE-2025-52497 | Medium | 4.8 | 2025-07-04 | Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM… |
| CVE-2025-49087 | Medium | 4.0 | 2025-07-20 | In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padd… |
| CVE-2025-48965 | Medium | 4.0 | 2025-07-20 | Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater… |