CVE-2025-49087

MEDIUM(4.0)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Risk Signal Score10/100 — NIEDRIG

CVSS 4 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

Technische Schwere

Beschreibung

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

Referenzen

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-s...
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/