CVE-2025-48965
PUBLISHED
CVSS 4 MEDIUM
Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
EPSS 0.20% · 41.4th percentile
Risk Scores
CVSS v3.1
4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score
0.20%
41.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| mbed | mbedtls | 0 |
| Mbed | mbedtls | 0 |
| arm | mbed_tls | 0 |
Timeline
- Jul 20, 2025 CVE Published
- Jul 20, 2025 PoC Published
- Jul 21, 2025 EPSS Score
- Jul 30, 2025 EPSS Score
- Aug 8, 2025 EPSS Score
- Aug 17, 2025 EPSS Score
- Aug 26, 2025 EPSS Score
- Sep 4, 2025 EPSS Score
- Sep 13, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
- Oct 1, 2025 EPSS Score
- Oct 10, 2025 EPSS Score
References
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ url
- https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md url
- https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-48965 advisory