CVE-2025-66442

ADVISORY - nist

Summary

In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

EPSS Score: 0.0027 (0.187)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Covert Timing Channel

ADVISORY - redhat

Compiler Optimization Removal or Modification of Security-critical Code


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in