How severe is CVE-2025-52497?

CVE-2025-52497 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2025-52497

Name: mbed_tls
Author: arm

4.8MEDIUM

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

Опубликовано: 7/4/2025Обновлено: 11/3/2025

Описание

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

ИИ-АнализНа базе ИИ

Затронутые продукты

armmbed_tls

Ссылки

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html