CVE-2025-27810
PUBLISHED
CVSS 4.8 MEDIUM
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
EPSS 0.18% · 39.9th percentile
Risk Scores
CVSS v3.1
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.18%
39.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| arm | mbed_tls | 3.0.0, 0 |
| mbed | mbedtls | 0, 3.0.0 |
| Mbed | mbedtls | 0, 3.0.0 |
Timeline
- Mar 25, 2025 CVE Published
- Mar 25, 2025 EPSS Score
- Mar 25, 2025 Coalition ESS Score
- Mar 25, 2025 PoC Published
- Mar 25, 2025 CVE Updated
- Mar 28, 2025 Coalition ESS Score
- Apr 7, 2025 EPSS Score
- Apr 20, 2025 EPSS Score
- May 3, 2025 EPSS Score
- May 16, 2025 EPSS Score
- May 30, 2025 EPSS Score
- Jun 12, 2025 EPSS Score
References
- https://github.com/Mbed-TLS/mbedtls/releases url
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/ url
- https://nvd.nist.gov/vuln/detail/CVE-2025-27810 advisory