VDB
CVE-2025-49601
CVE-2025-49601
PUBLISHED
CVSS 4.800000190734863 MEDIUM
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.
EPSS 0.26% · 49.0th percentile
Risk Scores
CVSS v3.1
4.800000190734863
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score
0.26%
49.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mbed | mbedtls | 3.3.0 |
| arm | mbed_tls | 3.3.0 |
| mbed | mbedtls | 3.3.0 |
Timeline
- Jul 4, 2025 CVE Published
- Jul 4, 2025 Coalition ESS Score
- Jul 5, 2025 EPSS Score
- Jul 8, 2025 Coalition ESS Score
- Jul 8, 2025 CVE Updated
- Jul 15, 2025 EPSS Score
- Jul 17, 2025 Coalition ESS Score
- Jul 24, 2025 EPSS Score
- Aug 3, 2025 EPSS Score
- Aug 6, 2025 PoC Published
- Aug 12, 2025 EPSS Score
- Aug 14, 2025 PoC Published