CVE-2025-49087

Low

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the…

mitre·CWE-385·Published 2025-07-20

CVSS

3.7

EPSS

0.00

KEV

Exploits

cve.orgen

176 chars

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

NVDen

176 chars

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

En Mbed TLS 3.6.1 a 3.6.3 antes de 3.6.4, una discrepancia de tiempo en la eliminación del relleno del cifrado de bloque permite que un atacante recupere el texto sin formato cuando se utiliza el modo de relleno PKCS#7.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.0	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
3.1	Primary	cve.org	4.0	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
3.1	Primary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	4.0	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N