CVE-2025-27810

{"id": "CVE-2025-27810", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.2}]}, "published": "2025-03-25T06:15:41.180", "references": [{"url": "https://github.com/Mbed-TLS/mbedtls/releases", "source": "cve@mitre.org"}, {"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays."}, {"lang": "es", "value": "Mbed TLS anterior a 2.28.10 y 3.x anterior a 3.6.3, en algunos casos de asignaci\u00f3n de memoria fallida o errores de hardware, utiliza memoria de pila no inicializada para componer el mensaje TLS Finalizado, lo que puede provocar omisiones de autenticaci\u00f3n como repeticiones."}], "lastModified": "2025-03-27T16:45:46.410", "sourceIdentifier": "cve@mitre.org"}