CVE-2026-25835
Status: Received - Intake
PRNG Seed Misuse in Mbed TLS and TF-PSA-Crypto

Publication date: 2026-04-01

Last updated on: 2026-04-06

Assigner: MITRE

Description
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-01
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (3 associated CPEs)

Vendor | Product       | Version / Range
arm    | mbed_tls      | 4.0.0
arm    | tf-psa-crypto | up to 1.1.0 (exclusive)
arm    | mbed_tls      | from 2.18.0 (inclusive) to 3.6.6 (exclusive)
CWE
CWE-335: The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-25835 is a vulnerability in the Mbed TLS library's Platform Security Architecture (PSA) random number generator. It involves improper handling or cloning of the PSA random generator state, which can lead to security weaknesses in cryptographic operations that rely on randomness.

Specifically, the vulnerability allows attackers to predict or reproduce random values because the random number generator's state can be duplicated or cloned incorrectly. This undermines the cryptographic strength of operations depending on secure randomness.

The issue affects Mbed TLS versions before 3.6.6 and TF-PSA-Crypto before 1.1.0. Fixes include introducing fork protection mechanisms and new functions to prevent random generator state duplication and ensure secure random number generation.


How can this vulnerability impact me?

This vulnerability can impact you by weakening the security of cryptographic operations that depend on the random number generator in Mbed TLS or TF-PSA-Crypto.

If an attacker can predict or reproduce random values due to this flaw, they may be able to compromise encryption keys, authentication tokens, or other security mechanisms that rely on randomness, potentially leading to unauthorized access or data breaches.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves improper handling or cloning of the PSA random number generator state within the Mbed TLS library, which is a software component rather than a network service. Detection typically involves verifying the version of Mbed TLS or TF-PSA-Crypto in use to determine if it is before the fixed versions (Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0).

There are no specific network detection commands or signatures provided for this vulnerability. Instead, detection should focus on software inventory and version checks.

  • Check the installed version of Mbed TLS: For example, if Mbed TLS is installed as a package, use commands like `mbedtls_version` if available, or check package manager info, e.g., `dpkg -l | grep mbedtls` on Debian-based systems.
  • If Mbed TLS is built from source, check the version in the source directory or the version string in the library headers.
  • Review application dependencies to identify if they link against vulnerable versions of Mbed TLS or TF-PSA-Crypto.
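The version-inventory check above can be scripted. The following POSIX shell snippet is an added example, not part of this record or of the Mbed TLS project: it reads the `MBEDTLS_VERSION_STRING` macro from an Mbed TLS header (the header content used here is constructed for the demonstration) and classifies a version against the affected ranges listed in the CPE table on this page (mbed_tls 2.18.0 inclusive to 3.6.6 exclusive, mbed_tls 4.0.0, tf-psa-crypto before 1.1.0).

```shell
#!/bin/sh
# Added example: classify Mbed TLS / TF-PSA-Crypto versions against the
# affected ranges published on this page. Not code from the advisory.

# Convert "MAJOR.MINOR.PATCH" into one integer so versions compare numerically.
vernum() {
    # shellcheck disable=SC2046
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# is_affected PRODUCT VERSION -> prints "affected" or "not affected".
# Ranges are taken from the CPE table: mbed_tls [2.18.0, 3.6.6) and 4.0.0,
# tf-psa-crypto [*, 1.1.0).
is_affected() {
    product=$1
    v=$(vernum "$2")
    case "$product" in
        mbedtls)
            if [ "$v" -ge "$(vernum 2.18.0)" ] && [ "$v" -lt "$(vernum 3.6.6)" ]; then
                echo affected
            elif [ "$v" -eq "$(vernum 4.0.0)" ]; then
                echo affected
            else
                echo "not affected"
            fi ;;
        tf-psa-crypto)
            if [ "$v" -lt "$(vernum 1.1.0)" ]; then
                echo affected
            else
                echo "not affected"
            fi ;;
        *)
            echo "unknown product" ;;
    esac
}

# Extract the version from an Mbed TLS header that defines
# MBEDTLS_VERSION_STRING (build_info.h in 3.x, version.h in 2.x).
header_version() {
    sed -n 's/^#define MBEDTLS_VERSION_STRING[[:space:]]*"\([0-9.]*\)".*/\1/p' "$1"
}

# Demonstration on a constructed header, not a real installation.
# Point header_version at the header under your include directory instead.
demo_header=$(mktemp)
printf '#define MBEDTLS_VERSION_STRING "3.6.2"\n' > "$demo_header"
demo_ver=$(header_version "$demo_header")
echo "mbedtls $demo_ver: $(is_affected mbedtls "$demo_ver")"
rm -f "$demo_header"
```

For a source build, run `header_version` against the installed header; for packaged builds, feed the version reported by the package manager straight into `is_affected`. Note that the 4.0.0 entry is a single pinned version in the CPE data, so later 4.x releases are not classified as affected by this check.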

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the affected libraries to versions that include the fix for this vulnerability.

  • Upgrade Mbed TLS to version 3.6.6 or later.
  • Upgrade TF-PSA-Crypto to version 1.1.0 or later.

The fixes include fork protection mechanisms and new functions to prevent random generator state duplication and ensure secure random number generation.

If immediate upgrade is not possible, review the security advisory for any available workarounds or temporary mitigations, such as avoiding process forking after random generator initialization.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how CVE-2026-25835 affects compliance with common standards and regulations such as GDPR or HIPAA.

