PT-2025-28011 · Mbed Tls+3 · Mbed Tls+3

Published

2025-06-30

Updated

2026-05-05

CVE-2025-52497

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.6.4

Description: The issue is related to a PEM parsing one-byte heap-based buffer underflow in Mbed TLS, specifically in the mbedtls pem read buffer and two mbedtls pk parse functions. This occurs when the software processes untrusted PEM input.

Recommendations: For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mbedtls pem read buffer and mbedtls pk parse functions to minimize the risk of exploitation. Avoid using untrusted PEM input until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

BDU:2025-09516

CVE-2025-52497

DLA-4274-1

USN-8123-1

Affected Products

Debian

Linuxmint

Mbed Tls

Ubuntu

PT-2025-28011 · Mbed Tls+3 · Mbed Tls+3

CVE-2025-52497

Weakness Enumeration

Related Identifiers

Affected Products

References · 26