exploitDog

CVE-2025-54764

Опубликовано: 20 окт. 2025

Источник: nvd

CVSS3: 6.2

EPSS Низкий

Описание

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

Ссылки

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
Exploit
Vendor Advisory
https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*

Версия до 3.6.5 (исключая)

EPSS

Процентиль: 4%

0.0002

Низкий

6.2 Medium

CVSS3

Дефекты

CWE-208

Связанные уязвимости

CVE-2025-54764

CVSS3: 6.2

ubuntu

4 месяца назад

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

CVE-2025-54764

CVSS3: 6.2

debian

4 месяца назад

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA ...

GHSA-6237-9hpw-gcm6

CVSS3: 6.2

github

4 месяца назад

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

EPSS

Процентиль: 4%

0.0002

Низкий

6.2 Medium

CVSS3

Дефекты

CWE-208