Description

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

PUBLISHED Reserved 2025-07-28 | Published 2025-10-20 | Updated 2025-10-21 | Assigner mitre

References

mbed-tls.readthedocs.io/...tech-updates/security-advisories/

mbed-tls.readthedocs.io/...y-advisory-2025-10-ssbleed-mstep/

cve.org (CVE-2025-54764)

nvd.nist.gov (CVE-2025-54764)