CVE-2025-49087

Published
View on NVD ↗
CVSS v3
4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

Mbed-TLS/mbedtls-docs
Mbed-TLS/mbedtls-docs
Version-independent documentation for Mbed TLS
GitHubGitHub
22