How to fix EUVD-2025-20080?

Within 30 days: Identify affected systems running MbedTLS 3.3.0 and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Ubuntu affected by EUVD-2025-20080?

Organizations using MbedTLS 3.3.0 should be aware of moderate risk from CVE-2025-49600 rated CVSS 4.9. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-20080

| CVE-2025-49600 MEDIUM

2025-07-04 [email protected]

4.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Attack Vector

Physical

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 16, 2026 - 02:42 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 02:42 euvd

EUVD-2025-20080

CVE Published

Jul 04, 2025 - 15:15 nvd

MEDIUM 4.9

Description

In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker (who can induce a hardware hash accelerator fault) to bypass LMS signature verification by reusing stale stack data, resulting in acceptance of an invalid signature. In mbedtls_lms_verify, the return values of the internal Merkle tree functions create_merkle_leaf_value and create_merkle_internal_value are not checked. These functions return an integer that indicates whether the call succeeded or not. If a failure occurs, the output buffer (Tc_candidate_root_node) may remain uninitialized, and the result of the signature verification is unpredictable. When the software implementation of SHA-256 is used, these functions will not fail. However, with hardware-accelerated hashing, an attacker could use fault injection against the accelerator to bypass verification.

Analysis

A security vulnerability in MbedTLS 3.3.0 (CVSS 4.9). Remediation should follow standard vulnerability management procedures.

Technical Context

Vulnerability type not specified by vendor. Affects MbedTLS 3.3.0.

Affected Products

['MbedTLS 3.3.0']

Remediation

Monitor vendor channels for patch availability.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +24

POC: 0

Vendor Status

Ubuntu

Priority: Medium

mbedtls

Release	Status	Version
oracular	ignored	end of life, was needs-triage
bionic	not-affected	code not present
focal	not-affected	code not present
jammy	not-affected	code not present
noble	not-affected	code not present
upstream	released	3.6.4
xenial	not-affected	code not present
plucky	ignored	end of life, was needed
questing	needed	-

Debian

Bug #1108787

mbedtls

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	2.16.9-0.1+deb11u3	-
bookworm	not-affected	-	-
trixie	fixed	3.6.5-0.1~deb13u1	-
forky, sid	fixed	3.6.5-0.1	-
(unstable)	fixed	3.6.4-1	-

EUVD-2025-20080 vulnerability details – vuln.today

Back

EUVD-2025-20080

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-20080

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code