CVE-2025-49601
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-07-17
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | From 3.3.0 (inc) to 3.6.4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects MbedTLS versions 3.3.0 up to, but not including, 3.6.4, in the function mbedtls_lms_import_public_key. The function reads a 4-byte type indicator from the input buffer without first checking that the buffer holds at least 4 bytes. If the input buffer is truncated to fewer than 4 bytes, the read runs past the end of the buffer (an out-of-bounds read), which can crash the process or disclose a limited amount of adjacent memory.
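The defect described above is a missing length check in front of a fixed-size field read. The following C is an added example, not Mbed TLS code: it parses an LMS public key with a bounds check before every field access, so a truncated input is rejected instead of being read past its end. The field layout (type, otstype, I, T[1]) is taken from RFC 8554; the 32-byte T[1] length is assumed for the SHA-256/M32 parameter sets, the type codes 6 and 4 are the RFC 8554 values for LMS_SHA256_M32_H10 and LMOTS_SHA256_N32_W8, and all function and macro names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not Mbed TLS code. LMS public key layout per RFC 8554
 * section 5.3: u32str(type) || u32str(otstype) || I (16 bytes) || T[1].
 * m = 32 bytes for T[1] is assumed (SHA-256/M32 parameter sets). */
#define LMS_TYPE_LEN     4u
#define LMS_OTSTYPE_LEN  4u
#define LMS_I_LEN        16u
#define LMS_M32_LEN      32u
#define LMS_PUBKEY_LEN   (LMS_TYPE_LEN + LMS_OTSTYPE_LEN + LMS_I_LEN + LMS_M32_LEN)

#define LMS_OK              0
#define LMS_ERR_TRUNCATED  -1   /* fewer than 4 bytes: the type cannot be read */
#define LMS_ERR_BAD_LENGTH -2   /* type read, but total length is not the expected size */

typedef struct {
    uint32_t type;
    uint32_t otstype;
    unsigned char I[LMS_I_LEN];
    unsigned char T1[LMS_M32_LEN];
} lms_public_key_t;

static uint32_t read_u32_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Read the 4-byte type indicator only after verifying that 4 bytes exist.
 * The defect described for CVE-2025-49601 is the absence of the
 * key_len < LMS_TYPE_LEN test: without it, a 1..3 byte input is read past
 * its end (CWE-125). */
int lms_read_type(const unsigned char *key, size_t key_len, uint32_t *type)
{
    if (key == NULL || type == NULL || key_len < LMS_TYPE_LEN) {
        return LMS_ERR_TRUNCATED;
    }
    *type = read_u32_be(key);
    return LMS_OK;
}

/* Full import: the type is read with its own length check, and the total
 * length is then pinned to the fixed size implied by the parameter set, so
 * every later field access stays inside the buffer. */
int lms_import_public_key(lms_public_key_t *out,
                          const unsigned char *key, size_t key_len)
{
    uint32_t type;
    int ret = lms_read_type(key, key_len, &type);
    if (ret != LMS_OK) {
        return ret;
    }
    if (out == NULL || key_len != LMS_PUBKEY_LEN) {
        return LMS_ERR_BAD_LENGTH;
    }
    out->type    = type;
    out->otstype = read_u32_be(key + LMS_TYPE_LEN);
    memcpy(out->I,  key + LMS_TYPE_LEN + LMS_OTSTYPE_LEN, LMS_I_LEN);
    memcpy(out->T1, key + LMS_TYPE_LEN + LMS_OTSTYPE_LEN + LMS_I_LEN, LMS_M32_LEN);
    return LMS_OK;
}

/* Constructed 56-byte key: type 6 / otstype 4 (RFC 8554 codes for
 * LMS_SHA256_M32_H10 / LMOTS_SHA256_N32_W8); I and T[1] are dummy bytes. */
static void build_demo_key(unsigned char buf[LMS_PUBKEY_LEN])
{
    memset(buf, 0xAB, LMS_PUBKEY_LEN);
    buf[0] = 0; buf[1] = 0; buf[2] = 0; buf[3] = 6;
    buf[4] = 0; buf[5] = 0; buf[6] = 0; buf[7] = 4;
}

/* Imports only the first `len` bytes of the constructed key and returns the
 * status, so truncated inputs can be compared against a full-length one. */
int demo_import_status(size_t len)
{
    unsigned char buf[LMS_PUBKEY_LEN];
    lms_public_key_t pk;
    build_demo_key(buf);
    if (len > LMS_PUBKEY_LEN) {
        len = LMS_PUBKEY_LEN;
    }
    return lms_import_public_key(&pk, buf, len);
}

/* Returns the type field parsed from the full-length constructed key. */
uint32_t demo_parsed_type(void)
{
    unsigned char buf[LMS_PUBKEY_LEN];
    lms_public_key_t pk;
    build_demo_key(buf);
    if (lms_import_public_key(&pk, buf, LMS_PUBKEY_LEN) != LMS_OK) {
        return 0;
    }
    return pk.type;
}

int main(void)
{
    printf("3 bytes : %d\n", demo_import_status(3));   /* -1: truncated */
    printf("10 bytes: %d\n", demo_import_status(10));  /* -2: bad length */
    printf("56 bytes: %d\n", demo_import_status(56));  /*  0: ok */
    return 0;
}
```

The important line is the `key_len < LMS_TYPE_LEN` test in `lms_read_type`: it is checked before any byte is touched, which is the ordering that the affected versions lack. Pinning the total length afterwards is a defensive extra that makes every subsequent `memcpy` provably in bounds for this fixed-size format.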
How can this vulnerability impact me?
An attacker who supplies a truncated LMS public-key buffer of less than four bytes can trigger an out-of-bounds read in the affected function. This can cause the application to crash or potentially disclose limited adjacent memory, which may leak sensitive information depending on the context.