ByteOS Network

NVD Vulnerability Details :

CVE-2025-49087

Analyzed

Source-cve@mitre.org

Published At-20 Jul, 2025 | 19:15

Updated At-07 Aug, 2025 | 01:21

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.0	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary	3.1	3.7	LOW	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

Arm Limited

>>mbed_tls>>Versions from 3.6.1(inclusive) to 3.6.4(exclusive)

cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-385	Primary	cve@mitre.org

References

Hyperlink	Source	Resource
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md	cve@mitre.org	Exploit Third Party Advisory
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/	cve@mitre.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History