CVE-2025-66442
Received - Intake
Timing Side-Channel in Mbed TLS RSA and CBC/ECB Decryption

Publication date: 2026-04-01

Last updated on: 2026-04-03

Assigner: MITRE

Description
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Meta Information
Published: 2026-04-01
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-04-02
EPSS Evaluated: 2026-05-05
Sources: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor | Product       | Version / Range
arm    | mbed_tls      | through 4.0.0 (inclusive)
arm    | tf-psa-crypto | through 1.0.0 (inclusive)
CWE
CWE-385 (Covert Timing Channel): Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

CVE-2025-66442 is a compiler-induced timing side channel vulnerability in Mbed TLS and TF-PSA-Crypto that can potentially leak sensitive cryptographic information through timing variations.

Such side-channel vulnerabilities can undermine the confidentiality guarantees of cryptographic operations, which are critical for compliance with data protection standards like GDPR and HIPAA that require protection of sensitive data.

However, the provided information does not explicitly discuss the direct impact of this vulnerability on compliance with these or other common standards and regulations.


Can you explain this vulnerability to me?

CVE-2025-66442 is a compiler-induced timing side channel in Mbed TLS through version 4.0.0 and TF-PSA-Crypto through version 1.0.0. The affected RSA and CBC/ECB decryption paths are written to run in constant time: instead of branching on secret data (a padding byte, a comparison result), the code computes masks and selects so that the same instructions execute whatever the values are. LLVM's select optimization pass rewrites some select operations into conditional branches when its cost model judges that cheaper, which reintroduces data-dependent control flow into code the source deliberately kept branch-free. The problem therefore only appears in builds where that pass is active; the same source compiled without it keeps its constant-time property.

An attacker who can measure the running time of those decryption operations can infer the secret-dependent decision (for example, whether the padding was well-formed), which is the classic starting point for padding-oracle style attacks on CBC and RSA decryption.
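Added example (my code, not Mbed TLS's or TF-PSA-Crypto's): the kind of routine at stake on the CBC decryption path, a PKCS#7 padding check, first in its branchy form, whose running time reveals where the first bad padding byte sits, and then in a constant-time form that inspects every byte of the last block and folds the verdict into a mask. The helper and function names (`ct_barrier`, `ct_mask_nonzero`, `ct_mask_lt`, `ct_select`, `ct_pkcs7_check`) are my own; the inline-asm barrier is the standard way of stopping a compiler from proving that a mask is 0 or all-ones and folding the arithmetic back into a select that a later pass may lower to a branch. Mbed TLS has its own constant-time module for this; the point here is only to show what "constant-time" code looks like and why a pass that turns selects into branches breaks it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Optimisation barrier: after this the compiler cannot reason about the
 * value of v, so masks derived from it stay as arithmetic instead of being
 * folded into a conditional select or branch. (Assumed helper, not a
 * library API.) */
static inline uint32_t ct_barrier(uint32_t v)
{
#if defined(__GNUC__)
    __asm__ volatile("" : "+r"(v) : : "memory");
    return v;
#else
    volatile uint32_t w = v;   /* weaker fallback for other compilers */
    return w;
#endif
}

/* All-ones when c != 0, zero otherwise, with no data-dependent branch:
 * either c or -c has its top bit set unless c == 0. */
static inline uint32_t ct_mask_nonzero(uint32_t c)
{
    c = ct_barrier(c);
    return 0u - ((c | (0u - c)) >> 31);
}

/* All-ones when a < b; both operands must be below 2^31 so that the
 * wrapped difference has its top bit set exactly when a < b. */
static inline uint32_t ct_mask_lt(uint32_t a, uint32_t b)
{
    return 0u - (ct_barrier(a - b) >> 31);
}

/* Returns a when cond != 0, b otherwise, written with masks rather than
 * `cond ? a : b`, which the compiler is free to emit as a branch. */
static inline uint32_t ct_select(uint32_t cond, uint32_t a, uint32_t b)
{
    uint32_t m = ct_mask_nonzero(cond);
    return (a & m) | (b & ~m);
}

/* Branchy reference implementation. It returns as soon as it finds a bad
 * byte, so the time taken depends on how much of the padding was correct:
 * exactly the signal a padding-oracle attack needs. */
int naive_pkcs7_check(const uint8_t *buf, size_t len, size_t block,
                      size_t *out_len)
{
    uint8_t pad = buf[len - 1];
    *out_len = 0;
    if (pad == 0 || pad > block)
        return 0;
    for (size_t i = 0; i < pad; i++)
        if (buf[len - 1 - i] != pad)
            return 0;
    *out_len = len - pad;
    return 1;
}

/* Constant-time version. Caller guarantees len >= block, len % block == 0
 * and block < 256 (these lengths are public). Every byte of the last block
 * is read and the verdict accumulates in `bad`; the secret padding value
 * only ever flows through the masks, never through control flow. */
int ct_pkcs7_check(const uint8_t *buf, size_t len, size_t block,
                   size_t *out_len)
{
    uint32_t pad = buf[len - 1];
    uint32_t bad = ct_mask_lt(pad, 1) |               /* pad == 0    */
                   ct_mask_lt((uint32_t)block, pad);  /* pad > block */

    for (size_t i = 0; i < block; i++) {
        uint32_t b = buf[len - 1 - i];
        uint32_t in_pad = ct_mask_lt((uint32_t)i, pad);   /* i < pad?   */
        bad |= in_pad & ct_mask_nonzero(b ^ pad);        /* then b==pad */
    }

    /* Select the output length without branching on the verdict. */
    *out_len = (size_t)ct_select(bad, 0, (uint32_t)(len - pad));
    return (int)(~bad & 1u);
}
```

Both functions accept and reject the same inputs; only their timing differs. A useful exercise is to compile the constant-time one with `clang -O2 -S` and with the same flags under GCC, then look for conditional jumps inside `ct_pkcs7_check` and the loop: a branch whose condition derives from `pad` or `b` is the compiler undoing what the source tried to do, and a barrier-free version of `ct_mask_lt` is a good way to see that happen.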


How can this vulnerability impact me? :

The timing variation leaks information about secret-dependent decisions taken during RSA and CBC/ECB decryption. An attacker who can measure those timings precisely (the reported attack vector is local, i.e. code running on the same host as the victim process) may be able to decrypt ciphertexts or recover key material over many queries; how far that goes depends on the specific operation and on the noise of the measurement.

A CVSS v3.1 base score of 5.1 (medium) has been reported for this CVE: local attack vector, high attack complexity, no privileges and no user interaction required.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This is a build-dependent issue: the same Mbed TLS or TF-PSA-Crypto source is only affected when it was compiled with LLVM's select optimization pass active. There is no network signature to look for; detection means finding library versions in the affected range and then establishing how they were built.

  • Identify the library version. In a source tree, read `MBEDTLS_VERSION_STRING` in `include/mbedtls/build_info.h` (TF-PSA-Crypto carries an equivalent version macro in its own build_info.h); at runtime, `mbedtls_version_get_string_full()` returns the same string. For distribution packages, ask the package manager, e.g. `dpkg -l 'libmbedtls*'` or `rpm -qa 'mbedtls*'`. Anything up to and including Mbed TLS 4.0.0 or TF-PSA-Crypto 1.0.0 is in the affected range. (There is no `mbedtls_version` command line tool.)
  • Check the toolchain. The issue only appears in clang/LLVM builds in which the select optimization pass ran; GCC is not subject to this particular pass. Inspect the build logs or the CMake cache (`CMakeCache.txt`: `CMAKE_C_COMPILER`, `CMAKE_C_FLAGS`) for the compiler used and any `-mllvm` options. Whether the pass is on by default depends on the LLVM version and target, so do not assume that a plain `-O2` build is safe.
  • Measure the binary you actually ship. Disassemble the constant-time routines and look for conditional jumps whose condition derives from decrypted data, or run a statistical timing test (tools such as dudect compare the timing distributions of two input classes). This needs care but is the only check that looks at the emitted code rather than the source.

What immediate steps should I take to mitigate this vulnerability?

The fix is to move to a release that no longer has the problem: TF-PSA-Crypto 1.1.0 or later, and an Mbed TLS release later than 4.0.0 (check the project's security advisory for the exact fixed versions of each branch you use).

If you cannot upgrade immediately, change the build rather than the source: compile with a toolchain in which LLVM's select optimization pass is not active (GCC, or clang with the pass switched off through the corresponding `-mllvm` option; the exact option name should be confirmed against the documentation of your LLVM version), and rebuild every binary that links the library statically. Treat this as a stopgap and verify the result by disassembling the constant-time routines or with a timing measurement, since other optimizations can have the same effect.

Unrelated to this CVE but shipped in the same TF-PSA-Crypto 1.1.0 release: if your application clones process state (fork, VM snapshot), use the new APIs introduced in 1.1.0 to reseed the random number generator explicitly, so that the RNG state is not duplicated across the clones. Read the TF-PSA-Crypto 1.1.0 release notes and the Mbed TLS advisories when upgrading so that all related fixes are applied together.

