CVE-2025-52497

ADVISORY - nist

Summary

Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.

EPSS Score⁠: 0.001 (0.276)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-193⁠

Off-by-one Error

Impacted images

Advisories

NIST

CREATED

10 months ago

UPDATED

6 months ago

ADVISORY IDCVE-2025-52497⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-193⁠

CVSS SCORE

4.8medium

Alpine

CREATED

9 months ago

UPDATED

16 days ago

ADVISORY IDCVE-2025-52497⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

10 months ago

UPDATED

9 days ago

ADVISORY IDCVE-2025-52497⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

10 months ago

UPDATED

28 days ago

ADVISORY IDCVE-2025-52497⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium