CVE-2025-52496
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-11-03
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | all versions before 3.6.4 (3.6.4 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-733 | The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a race condition in the AESNI detection mechanism of Mbed TLS versions before 3.6.4. It occurs when certain compiler optimizations are applied. Due to this race condition, an attacker may be able to extract an AES encryption key from a multithreaded program or perform a GCM (Galois/Counter Mode) forgery attack.
How can this vulnerability impact me?
The vulnerability can lead to serious security impacts including the potential extraction of AES encryption keys by an attacker, which compromises the confidentiality of encrypted data. Additionally, the attacker may perform GCM forgery, undermining the integrity and authenticity of encrypted communications or data. This can result in unauthorized data access and manipulation in affected multithreaded applications using vulnerable Mbed TLS versions.