CVE-2025-27809

MEDIUM(5.4)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Risk Signal Score14/100 — NIEDRIG

CVSS 5.4 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.4

Technische Schwere

Beschreibung

Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.

Referenzen

https://github.com/Mbed-TLS/mbedtls/releases
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-a...
https://github.com/Mbed-TLS/mbedtls/issues/466
https://mastodon.social/@bagder/114219540623402700