How severe is CVE-2025-52497?

CVE-2025-52497 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2025-52497

Name: mbed_tls
Author: arm

4.8MEDIUM

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

게시됨: 7/4/2025업데이트됨: 11/3/2025

설명

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

AI 분석AI 기반

영향받는 제품

armmbed_tls

참조

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html