How severe is CVE-2025-52497?

CVE-2025-52497 has a CVSS v3 score of 4.8 (MEDIUM).

CVE-2025-52497

Name: mbed_tls
Author: arm

4.8MEDIUM

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

发布于: 7/4/2025更新于: 11/3/2025

描述

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

AI分析AI驱动

受影响产品

armmbed_tls

参考资料

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html