CVE-2025-52496 — Vulnetix

CVE-2025-52496 PUBLISHED CVSS 7.800000190734863 HIGH

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

EPSS 0.09% · 24.7th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

0.09%

24.7th percentile

Affected Products

Vendor	Product	Versions
Mbed	mbedtls	0
mbed	mbedtls	0
arm	mbed_tls	0

Timeline

Jul 4, 2025 CVE Published
Jul 5, 2025 EPSS Score
Jul 15, 2025 EPSS Score
Jul 24, 2025 EPSS Score
Aug 3, 2025 EPSS Score
Aug 6, 2025 PoC Published
Aug 12, 2025 EPSS Score
Aug 14, 2025 PoC Published
Aug 22, 2025 EPSS Score
Sep 1, 2025 EPSS Score
Sep 10, 2025 EPSS Score
Sep 20, 2025 EPSS Score

References

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md url
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html url
https://nvd.nist.gov/vuln/detail/CVE-2025-52496 advisory

Open in Interactive Console →