CVE-2025-52497

MEDIUM EPSS 19.4%

Published Jul 4, 202512mo ago · Modified Jun 17, 20261w ago

4.8 CVSS 3.1

Medium

Published Jul 4, 2025 12mo ago

Last Modified Jun 17, 2026 1w ago

Description

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

CVSS Details

Base Score

4.8

Exploitability

2.2

Impact

2.5

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity None

Availability Low

Threat Intelligence

EPSS Exploit Probability

19.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-193

Affected Products 1

Vendor	Product	Version	Range
arm	mbed_tls	*	<3.6.4

References 2

github.com https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

Third Party Advisory
lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.