CVE-2025-27810

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-27810
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27810.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-27810
Downstream
Related
Published
2025-03-25T00:00:00Z
Modified
2026-06-18T03:56:25.525515965Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.

Database specific 
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27810.json",
    "cwe_ids": [
        "CWE-908"
    ]
}
References

Affected packages

Git / github.com/mbed-tls/mbedtls

Affected ranges

Type
GIT
Repo
https://github.com/mbed-tls/mbedtls
Events
Introduced
8df2f8e7b9c7bb9390ac74bb7bace27edca81a2b
Fixed
22098d41c6620ce07cf8a0134d37302355e1e5ef
Database specific 
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.6.3"
        }
    ],
    "cpe": "cpe:2.3:a:trustedfirmware:mbed_tls:*:*:*:*:*:*:*:*"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27810.json"