DEBIAN-CVE-2026-25835 — Vulnetix

DEBIAN-CVE-2026-25835 PUBLISHED CVSS 7.699999809265137 HIGH

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).

Risk Scores

CVSS 3.1

7.699999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:11	mbedtls	2.16.11-0.3, 3.6.5-0.1, 3.6.5-0.1
Debian:13	mbedtls	3.6.5-0.1, 0, 3.6.4-2
Debian:12	mbedtls	3.6.0-2, 2.28.8-1, 2.28.7-1.1
Debian:14	mbedtls	0, 3.6.4-2, 3.6.5-0.1~deb13u1

Exploit Intelligence

2026.xml (github-poc)

Timeline

Apr 1, 2026 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-25835 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›