Vulnerability details: VCID-zrja-a9ut-c3dr
Vulnerability ID VCID-zrja-a9ut-c3dr
Aliases CVE-2025-27810
Summary Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
Status Published
Exploitability 0.5
Weighted Severity 4.9
Risk 2.5
System Score Found at
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2025-27810
cvssv3.1 5.4 https://github.com/Mbed-TLS/mbedtls/releases
ssvc Track https://github.com/Mbed-TLS/mbedtls/releases
cvssv3.1 5.4 https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
ssvc Track https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/Mbed-TLS/mbedtls/releases
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/ Found at https://github.com/Mbed-TLS/mbedtls/releases
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-25T14:36:57Z/ Found at https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
Exploit Prediction Scoring System (EPSS)
Percentile 0.04633
EPSS Score 0.00032
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-03-28T07:33:35.368248+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 36.0.0