CVE-2025-54764 | Mbed TLS up to 3.6.4 RSA mbedtls_mpi_mod_inv/mbedtls_mpi_gcd timing discrepancy

Inserito da Angelo Barbosa | Ott 21, 2025 | CVE

A vulnerability was found in Mbed TLS up to 3.6.4. It has been declared as problematic. This impacts the function mbedtls_mpi_mod_inv/mbedtls_mpi_gcd of the component RSA Handler. The manipulation results in observable timing discrepancy.

This vulnerability was named CVE-2025-54764. The attack needs to be approached locally. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2025-54764 | Mbed TLS up to 3.6.4 RSA mbedtls_mpi_mod_inv/mbedtls_mpi_gcd timing discrepancy

Post correlati

CVE-2025-8205 | Comodo Dragon up to 134.0.6998.179 IP DNS Leakage Detector cleartext transmission

CVE-2024-1664 | Responsive Gallery Grid Plugin up to 2.3.10 on WordPress Setting cross site scripting

CVE-2024-38586 | Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.8.11/6.9.2 r8169 dma_unmap_single buffer overflow

CVE-2024-5044 | Emlog Pro 2.3.4 Cookie AuthCookie improper authentication