What is the CVSS score of CVE-2025-27810?

CVE-2025-27810 has a CVSS 3.1 base score of 5.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Mbed Tls are affected by CVE-2025-27810?

CVE-2025-27810 presents moderate security risk rated CVSS 5.4. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-27810?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Mbed Tls CVE-2025-27810

MEDIUM

Use of Uninitialized Resource (CWE-908)

2025-03-25 cve@mitre.org

Authentication Bypass Mbed Tls Suse

5.4

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 28, 2026 - 18:45 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:33 vuln.today

CVE Published

Mar 25, 2025 - 06:15 nvd

MEDIUM 5.4

DescriptionNVD

AnalysisAI

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Technical ContextAI

This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. Affected products include: Arm Mbed Tls. Version information: before 2.28.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2025-27810 vulnerability details – vuln.today

Back

Mbed Tls CVE-2025-27810

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code