CVE-2025-27810 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-27810 Interim 1 3 2025-11-01T00:46:51Z current 2025-03-26T00:12:26Z 2025-11-01T00:46:51Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NEXH3S4RBK73QBEEJ7JPT75BI5G4JFKE/ E-Mail link for openSUSE-SU-2025:14928-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libmbedcrypto7-2.28.10-1.1 libmbedcrypto7-x86-64-v3-2.28.10-1.1 libmbedtls14-2.28.10-1.1 libmbedtls14-x86-64-v3-2.28.10-1.1 libmbedx509-1-2.28.10-1.1 libmbedx509-1-x86-64-v3-2.28.10-1.1 mbedtls-2-devel-2.28.10-1.1 libmbedcrypto7-2.28.10-1.1 as a component of openSUSE Tumbleweed libmbedcrypto7-x86-64-v3-2.28.10-1.1 as a component of openSUSE Tumbleweed libmbedtls14-2.28.10-1.1 as a component of openSUSE Tumbleweed libmbedtls14-x86-64-v3-2.28.10-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-2.28.10-1.1 as a component of openSUSE Tumbleweed libmbedx509-1-x86-64-v3-2.28.10-1.1 as a component of openSUSE Tumbleweed mbedtls-2-devel-2.28.10-1.1 as a component of openSUSE Tumbleweed Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. CVE-2025-27810 openSUSE Tumbleweed:libmbedcrypto7-2.28.10-1.1 openSUSE Tumbleweed:libmbedcrypto7-x86-64-v3-2.28.10-1.1 openSUSE Tumbleweed:libmbedtls14-2.28.10-1.1 openSUSE Tumbleweed:libmbedtls14-x86-64-v3-2.28.10-1.1 openSUSE Tumbleweed:libmbedx509-1-2.28.10-1.1 openSUSE Tumbleweed:libmbedx509-1-x86-64-v3-2.28.10-1.1 openSUSE Tumbleweed:mbedtls-2-devel-2.28.10-1.1 moderate 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N