
mbedTLS CVE-2025-47917

Severity: MEDIUM | N/A | vendor: alpine

Lifecycle Timeline

1. Analysis generated: May 27, 2026, 23:15 (vuln.today)

Description (CVE.org)

Alpine Linux: mbedtls fixed in 3.6.4-r0

Analysis (AI)

mbedTLS on Alpine Linux contains a vulnerability addressed in the 3.6.4-r0 package release, with a publicly available exploit documented on Exploit-DB. The sparse vendor description provides minimal technical detail, but the combination of a confirmed public exploit and an EPSS score in the 92nd percentile signals meaningful real-world exploitation interest. Systems running Alpine Linux with mbedTLS prior to the 3.6.4-r0 package version are the confirmed affected surface; no CVSS vector or CWE classification was provided to further characterize attack mechanics.

Technical Context (AI)

mbedTLS (formerly PolarSSL) is an open-source C-language TLS/SSL library commonly used in embedded systems, IoT devices, containers, and server-side applications on Alpine Linux. It provides cryptographic primitives, X.509 certificate handling, and the TLS/DTLS protocol stack. Alpine Linux packages mbedTLS as a system library, and the fix is delivered as Alpine package version 3.6.4-r0, corresponding to an upstream mbedTLS 3.6.x LTS release. No CWE classification was provided in the available intelligence, preventing authoritative root-cause categorization. Common vulnerability classes in TLS libraries of this type include buffer overflows in parsing routines, improper memory management, cryptographic side-channel weaknesses, and improper input validation, but none can be confirmed for this CVE from the available data. The absence of a CVSS vector further limits technical characterization.

Affected Products (AI)

Alpine Linux systems with the mbedtls package prior to version 3.6.4-r0 are confirmed affected, as reported by the Alpine Linux vendor. The fix package is 3.6.4-r0 in the Alpine ecosystem. The specific Alpine Linux release branches (edge, v3.21, v3.20, etc.) affected have not been enumerated in the available intelligence. No NVD CPE strings were provided, limiting precise version range enumeration. Any application or service on Alpine that links against the mbedTLS shared library (libmbedtls, libmbedcrypto, libmbedx509) may inherit the vulnerability.

Remediation (AI)

Update the Alpine Linux mbedtls package to version 3.6.4-r0 or later using 'apk upgrade mbedtls' on affected systems. This is the vendor-confirmed fix. Applications statically linking mbedTLS must be rebuilt against the patched library version. If immediate patching is not feasible, restrict network access to services that use mbedTLS for TLS termination, particularly those exposed to untrusted networks, as a compensating control; the trade-off is reduced service availability. No vendor advisory URL beyond the Alpine package tracker was provided in the available intelligence. Organizations should consult the Alpine Linux security tracker and the Exploit-DB entry at https://www.exploit-db.com/exploits/52427 for additional technical mitigations once the exploit mechanism is reviewed.
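A defender-side check for the remediation above, added here as an example (it is not vuln.today's or the mbedTLS project's code): it compares an installed Alpine package version against the 3.6.4-r0 fix with a numeric component-wise comparison, reads the installed version from the package database when run on Alpine (that `apk info -v` prints "name-version" lines and that versions have the plain X.Y.Z-rN shape are assumptions), and lists running processes that still have an mbedTLS shared object mapped and so need a restart after the upgrade.

```shell
# Fixed Alpine package version named in the advisory.
MBEDTLS_FIXED="3.6.4-r0"

# Print Alpine version "X.Y.Z-rN" as four integers "X Y Z N"; missing parts
# become 0. Assumes plain numeric components (no _git/_p suffixes).
_apk_ver_key() {
    v=$1
    case "$v" in
        *-r*) rel=${v##*-r}; base=${v%-r*} ;;
        *)    rel=0;         base=$v ;;
    esac
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    printf '%d %d %d %d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$rel"
}

# Exit 0 when version $1 sorts before $2, comparing each component numerically
# (so 3.6.10-r0 is newer than 3.6.4-r0, which a string compare gets wrong).
apk_ver_lt() {
    set -- $(_apk_ver_key "$1") $(_apk_ver_key "$2"); i=0
    while [ "$i" -lt 4 ]; do
        [ "$1" -lt "$5" ] && return 0
        [ "$1" -gt "$5" ] && return 1
        shift            # $1 and $5 now hold the next component pair
        i=$((i + 1))
    done
    return 1
}

# Report whether the installed mbedtls package is below the fix. Version comes
# from $1, or (assumption: `apk info -v` prints "name-version" lines) from apk.
mbedtls_status() {
    installed=$1
    if [ -z "$installed" ] && command -v apk >/dev/null 2>&1; then
        installed=$(apk info -v 2>/dev/null | grep '^mbedtls-[0-9]' | sed 's/^mbedtls-//')
    fi
    [ -z "$installed" ] && { echo "mbedtls: not installed"; return 2; }
    if apk_ver_lt "$installed" "$MBEDTLS_FIXED"; then
        echo "mbedtls $installed is below $MBEDTLS_FIXED: run 'apk upgrade mbedtls'"
        return 1
    fi
    echo "mbedtls $installed is at or above $MBEDTLS_FIXED"
}

# PIDs with an mbedTLS shared object mapped: restart these after upgrading.
mbedtls_loaded_pids() {
    for m in /proc/[0-9]*/maps; do
        grep -Eq 'libmbed(tls|crypto|x509)\.so' "$m" 2>/dev/null || continue
        p=${m#/proc/}; echo "${p%%/*}"
    done
}
```

Run `mbedtls_status` with no argument on an Alpine host, or pass a version string to check a value collected elsewhere; a non-zero exit means action is needed.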
