How severe is CVE-2025-52497?

CVE-2025-52497 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2025-52497

Name: mbed_tls
Author: arm

4.8MEDIUM

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

Veröffentlicht: 7/4/2025Aktualisiert: 11/3/2025

Beschreibung

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

KI-AnalyseKI-gestützt

Betroffene Produkte

armmbed_tls

Referenzen

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html