CNNVD-202507-2584 Information

CNNVD ID

CNNVD-202507-2584

Related CVE

CVE-2025-49087

• CNNVD Published: 2025-07-20

Description (Chinese)

Mbed TLS是Mbed TLS开源的一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.1至3.6.3版本存在安全漏洞，该漏洞源于时间差异，可能导致明文恢复。

Description (English)

Mbed TLS is an open source, portable, user-friendly, readable and flexible SSL library for Mbed TLS. Mbed TLS 3.6.1 to 3.6.3 has a security loophole, which stems from time differences and may lead to express restoration.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mbed TLS

Published

2025-07-20

Last Modified

2026-02-24

References

https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md https://access.redhat.com/security/cve/cve-2025-49087

Patch

https://github.com/Mbed-TLS/mbedtls/releases