CVE-2025-52497

MEDIUM

Mbed TLS <3.6.4 - Buffer Overflow

Title source: llm

Description

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

References (2)

[Third Party Advisory] https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md

View Writeup ZIP pw:eip

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html

Scores

CVSS v3 4.8

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-193

Status published

Products (1)

arm/mbed_tls < 3.6.4

Published Jul 04, 2025

Tracked Since Feb 18, 2026