CVE-2025-49087

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md	Exploit Third Party Advisory
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-20 19:15

Updated : 2025-08-07 01:21

NVD link : CVE-2025-49087

Mitre link : CVE-2025-49087

CVE.ORG link : CVE-2025-49087

JSON object : View

Products Affected

arm

mbed_tls

CWE

CWE-385

Covert Timing Channel

{"id": "CVE-2025-49087", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}]}, "published": "2025-07-20T19:15:24.037", "references": [{"url": "https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-385"}]}], "descriptions": [{"lang": "en", "value": "In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used."}, {"lang": "es", "value": "En Mbed TLS 3.6.1 a 3.6.3 antes de 3.6.4, una discrepancia de tiempo en la eliminaci\u00f3n del relleno del cifrado de bloque permite que un atacante recupere el texto sin formato cuando se utiliza el modo de relleno PKCS#7."}], "lastModified": "2025-08-07T01:21:40.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9F9D14-4DB2-404F-920A-5F0935B29087", "versionEndExcluding": "3.6.4", "versionStartIncluding": "3.6.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}