PT-2025-12765 · Mbed Tls+5
Published: 2025-03-24 · Updated: 2026-05-05
CVE-2025-27810
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mbed TLS versions 2.28.9 and earlier, 3.x versions prior to 3.6.3
Description
In certain cases of failed memory allocation or hardware errors, Mbed TLS composes the TLS Finished message from uninitialized stack memory. Because the Finished message is what proves to the peer that the handshake transcript was authenticated, this could potentially lead to authentication bypasses, such as replays.
Recommendations
For versions 2.28.9 and earlier, update to version 2.28.10 or later.
For 3.x versions prior to 3.6.3, update to version 3.6.3 or later.
Weakness Enumeration
Use of Uninitialized Resource (CWE-908)
Affected Products
Alt Linux
Debian
Linuxmint
Mbed Tls
Red Os
Ubuntu