CVE-2025-27810

MEDIUM

5.4

Descricao

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeHIGH

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/25/2025

Ultima modificacao10/30/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

arm:mbed_tls

Fraquezas (CWE)

CWE-908

Referencias

https://github.com/Mbed-TLS/mbedtls/releases(cve@mitre.org)

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.