← volver
CVE-2025-27809

CVE-2025-27809

CVSS 5.4 MEDIUMEPSS 0.2%CWE-1188
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Productos afectados
Mbed · mbedtls

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Mbed-TLS/mbedtls/issues/466https://github.com/Mbed-TLS/mbedtls/releaseshttps://mastodon.social/@bagder/114219540623402700https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/