CVE-2025-59438
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-23
Assigner: MITRE
Description
Description
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | mbed_tls | to 3.6.5 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Observable Timing Discrepancy in Mbed TLS versions up to 3.6.4. It means that the time taken by certain operations can vary in a way that can be observed by an attacker, potentially leaking sensitive information.
How can this vulnerability impact me? :
The timing discrepancy could allow an attacker to gain information about cryptographic operations, potentially leading to the compromise of sensitive data or cryptographic keys.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70