CNNVD-202507-498 Information

CNNVD ID

CNNVD-202507-498

Related CVE

CVE-2025-52496

• CNNVD Published: 2025-07-04

Description (Chinese)

Mbed TLS是Mbed TLS开源的一个开源、可移植、易于使用、可读且灵活的 SSL 库。 Mbed TLS 3.6.4之前版本存在安全漏洞，该漏洞源于AESNI检测中的竞争条件，可能导致AES密钥泄露或GCM伪造。

Description (English)

Mbed TLS is an open source, portable, user-friendly, readable and flexible SSL library for Mbed TLS. The previous version of Mbed TLS 3.6.4 had a security loophole, which stemmed from the competitive conditions in the AESNI test and could lead to the disclosure of the AES key or its forgery by GCM.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Mbed TLS

Published

2025-07-04

Last Modified

2026-02-24

References

https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

Patch

https://github.com/Mbed-TLS/mbedtls/releases