PT-2025-12764 · Mbed TLS+3

Published 2025-03-24 · Updated 2026-05-05 · CVE-2025-27809

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mbed TLS versions 2.x through 2.28.9
Mbed TLS versions 3.x through 3.6.2

Description

A TLS client accepts a server that presents a trusted certificate issued for an arbitrary hostname, unless the TLS client application calls mbedtls_ssl_set_hostname.

Recommendations

For Mbed TLS versions 2.x through 2.28.9, update to version 2.28.10 or later. For Mbed TLS versions 3.x through 3.6.2, update to version 3.6.3 or later. As a temporary workaround, call mbedtls_ssl_set_hostname in the TLS client application so that only servers whose trusted certificate matches the specified hostname are accepted.
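
An added example, not part of the original advisory or of Mbed TLS itself: a heuristic Python audit that flags client source files which never call mbedtls_ssl_set_hostname with a non-NULL name. The file names and C snippets are constructed samples, and checking per file is an assumption (a project may set the hostname in a different file).

```python
import re

# Constructed sample sources (not from any real project).
SAMPLES = {
    "client_missing.c": """
        mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, 0, 0);
        /* mbedtls_ssl_set_hostname(&ssl, "api.example.test"); */
        mbedtls_ssl_setup(&ssl, &conf);
    """,
    "client_null.c": """
        mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, 0, 0);
        mbedtls_ssl_setup(&ssl, &conf);
        mbedtls_ssl_set_hostname(&ssl, NULL);
    """,
    "client_ok.c": """
        mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, 0, 0);
        mbedtls_ssl_setup(&ssl, &conf);
        mbedtls_ssl_set_hostname(&ssl, server_name);  // expected peer name
    """,
    "server.c": """
        mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, 0, 0);
        mbedtls_ssl_setup(&ssl, &conf);
    """,
}

COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
SET_HOSTNAME = re.compile(r"\bmbedtls_ssl_set_hostname\s*\(\s*[^,]+,\s*([^)]*?)\s*\)")

def audit(source):
    """Classify one C source: 'not-client', 'ok', 'null-hostname' or 'missing'."""
    code = COMMENTS.sub(" ", source)  # a commented-out call must not count
    if "MBEDTLS_SSL_IS_CLIENT" not in code:
        return "not-client"
    args = SET_HOSTNAME.findall(code)
    if not args:
        return "missing"
    # NULL (or 0) clears the expected name, so no hostname is checked.
    if all(a in ("NULL", "0") for a in args):
        return "null-hostname"
    return "ok"

def findings(sources):
    """Return {filename: verdict} for the files that need review."""
    result = {name: audit(src) for name, src in sources.items()}
    return {n: v for n, v in result.items() if v in ("missing", "null-hostname")}

if __name__ == "__main__":
    for name, verdict in sorted(findings(SAMPLES).items()):
        print(f"{name}: {verdict}")
```

A flagged file is a candidate for review, not a confirmed finding; the comment stripping is regex-based and does not parse C string literals.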

Related Identifiers

ALT-PU-2025-10462
ALT-PU-2025-4727
BDU:2025-06869
CVE-2025-27809
OPENSUSE-SU-2025:14928-1

Affected Products

ALT Linux
Debian
Mbed TLS
RED OS