CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Mbed-TLS/mbedtls/releases	Release Notes
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arm:mbed_tls::::::::
	cpe:2.3:a:arm:mbed_tls::::::::

History

30 Oct 2025, 15:05

Type	Values Removed	Values Added
References	~~() https://github.com/Mbed-TLS/mbedtls/releases -~~	() https://github.com/Mbed-TLS/mbedtls/releases - Release Notes
References	~~() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/ -~~	() https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/ - Vendor Advisory
CPE		cpe:2.3:a:arm:mbed_tls::::::::
First Time		Arm Arm mbed Tls

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) Mbed TLS anterior a 2.28.10 y 3.x anterior a 3.6.3, en algunos casos de asignación de memoria fallida o errores de hardware, utiliza memoria de pila no inicializada para componer el mensaje TLS Finalizado, lo que puede provocar omisiones de autenticación como repeticiones.

25 Mar 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-25 06:15

Updated : 2025-10-30 15:05

NVD link : CVE-2025-27810

Mitre link : CVE-2025-27810

CVE.ORG link : CVE-2025-27810

JSON object : View

Products Affected

arm

mbed_tls

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2025-27810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}]}, "published": "2025-03-25T06:15:41.180", "references": [{"url": "https://github.com/Mbed-TLS/mbedtls/releases", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays."}, {"lang": "es", "value": "Mbed TLS anterior a 2.28.10 y 3.x anterior a 3.6.3, en algunos casos de asignaci\u00f3n de memoria fallida o errores de hardware, utiliza memoria de pila no inicializada para componer el mensaje TLS Finalizado, lo que puede provocar omisiones de autenticaci\u00f3n como repeticiones."}], "lastModified": "2025-10-30T15:05:35.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0A913D-2765-4EE6-8C44-59214EFCAD03", "versionEndExcluding": "2.28.10"}, {"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "057D32FA-EAF0-4AFF-A003-C4C306BFCDA8", "versionEndExcluding": "3.6.3", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}