CVE-2025-54764
- CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Published: 2025-10-20T22:15:37.060
- Last modified: 1761075085
Summary
🛡️ Vulnerability overview CVE-2025-54764 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. 📊 Technical details Severity: MEDIUM CVSS: 6.2 Vendor: Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 🧩 Affected products Not specified. 🚨 Recommended mitigations Update to the latest available version Monitor logs and network traffic Apply least-privilege and segment the network 🔗 References https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/ 🧭 Related vulnerabilities No related CVEs. Subscribe for CVE alerts Mbed TLS before 3.6.5 allows a local timing…
Technical details
Severity & risk metrics
CVSS: 6.2 (MEDIUM)
Affected products & vendors
Vendors not specified.
Exploit & mitigation
No vendor patch links provided.
References & resources
No references.
🛡️ Vulnerability overview CVE-2025-54764
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
📊 Technical details
- Severity: MEDIUM
- CVSS: 6.2
- Vendor:
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
🧩 Affected products
- Not specified.
🚨 Recommended mitigations
- Update to the latest available version
- Monitor logs and network traffic
- Apply least-privilege and segment the network
🔗 References
- https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
- https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
🧭 Related vulnerabilities
- No related CVEs.
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
Related CVE by CWE
No related CWE found.
Top CVE for Vendor
No vendor taxonomy on this entry.
Recently Exploited Similar Vulnerabilities
No recent KEV-listed items for this vendor/product.
How to fix CVE-2025-54764
Description: Summary 🛡️ Vulnerability overview CVE-2025-54764 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. 📊 Technical details Severity: MEDIUM CVSS: 6.2 Vendor: Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 🧩 Affected products Not specified. 🚨 Recommended mitigations Update to the latest available version Monitor logs and network traffic Apply […]
Exploit Difficulty: MEDIUM
âąď¸ Time to exploit: 1-4 hours
đ ď¸ Required skills: Intermediate security knowledge
đ° Public exploits: May be available
How to Fix:
- Check if you're running the affected product
- Update to the latest patched version
- If patching is not immediately possible: restrict network exposure, apply least-privilege access
- Test the fix in a staging environment first
- Review logs for signs of exploitation
- Monitor for IOCs (Indicators of Compromise)
- Enable automatic security updates
- Set up vulnerability monitoring
- Review and harden security configurations
Vendor Advisory: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/
Exploit Difficulty Assessment
Vulnerability Timeline
CVE details first published to NVD database
CVE details were updated
Added to this CVE tracking system
Detection Rules & IOCs
No specific detection rules generated for this vulnerability type.
No vendor/product data available.