CVE-2025-52497

| EUVD-2025-20082 MEDIUM
2025-07-04 [email protected]
4.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch Released
Mar 25, 2026 - 20:47 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 02:42 euvd
EUVD-2025-20082
Analysis Generated
Mar 16, 2026 - 02:42 vuln.today
CVE Published
Jul 04, 2025 - 15:15 nvd
MEDIUM 4.8

Tags

Information Disclosure Ubuntu Debian Mbed Tls Suse

Description

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

Analysis

A security vulnerability in Mbed TLS before 3.6.4 (CVSS 4.8). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Technical Context

Vulnerability type not specified by vendor. Affects Mbed TLS before 3.6.4.

Affected Products

['Mbed TLS before 3.6.4']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

24
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +24
POC: 0

Vendor Status

Ubuntu

Priority: Medium
mbedtls
Release Status Version
oracular ignored end of life, was needs-triage
bionic needed -
focal needed -
jammy needed -
noble needed -
upstream released 3.6.4
xenial needed -
plucky ignored end of life, was needed
questing needed -

Debian

Bug #1108786
mbedtls
Release Status Fixed Version Urgency
bullseye fixed 2.16.9-0.1+deb11u2 -
bullseye (security) fixed 2.16.9-0.1+deb11u3 -
bookworm vulnerable 2.28.3-1 -
trixie fixed 3.6.5-0.1~deb13u1 -
forky, sid fixed 3.6.5-0.1 -
(unstable) fixed 3.6.4-1 -
DLA-4274-1

Share

CVE-2025-52497 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy