CVE-2025-49601

MEDIUM EPSS 17.2%

Published Jul 4, 202512mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jul 4, 2025 12mo ago

Last Modified Jun 17, 2026 1w ago

Description

In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.

CVSS Details

Base Score

6.5

Exploitability

3.9

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability Low

Threat Intelligence

EPSS Exploit Probability

17.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 1

Vendor	Product	Version	Range
trustedfirmware	mbed_tls	*	≥3.3.0 – <3.6.4

References 1

github.com https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-4.md

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.