CVE-2025-52497 — Vulnetix

CVE-2025-52497 PUBLISHED CVSS 4.800000190734863 MEDIUM

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

EPSS 0.37% · 58.7th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score

0.37%

58.7th percentile

Affected Products

Vendor	Product	Versions
Mbed	mbedtls	0
mbed	mbedtls	0
arm	mbed_tls	0

Timeline

Jul 4, 2025 CVE Published
Jul 5, 2025 EPSS Score
Jul 15, 2025 EPSS Score
Jul 24, 2025 EPSS Score
Aug 3, 2025 EPSS Score
Aug 12, 2025 EPSS Score
Aug 22, 2025 EPSS Score
Sep 1, 2025 EPSS Score
Sep 10, 2025 EPSS Score
Sep 20, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 9, 2025 EPSS Score

References

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md url
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html url
https://nvd.nist.gov/vuln/detail/CVE-2025-52497 advisory

Open in Interactive Console →