CVE-2025-66442

EPSS 0.02%
Veröffentlicht 01.04.2026 00:00:00
Zuletzt bearbeitet 03.04.2026 20:04:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Arm ≫ Mbed Tls Version <= 4.0.0

Arm ≫ Tf-psa-crypto Version <= 1.0.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.1	1.4	3.6	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://github.com/Mbed-TLS/mbedtls/releases

Release Notes

https://mbed-tls.readthedocs.io/en/latest/security-advisories/

Vendor Advisory

https://github.com/Mbed-TLS/TF-PSA-Crypto/releases

Release Notes

https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-compiler-induced-constant-time-violations/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-66442

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66442

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66442

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66442