← voltar
CVE-2025-27809

CVE-2025-27809

CVSS 5.4 MEDIUMEPSS 0.2%CWE-1188
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Produtos afetados
Mbed · mbedtls

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Mbed-TLS/mbedtls/issues/466https://github.com/Mbed-TLS/mbedtls/releaseshttps://mastodon.social/@bagder/114219540623402700https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/