CVE-2025-52496

Summary

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

Affected Software

VendorProductVersion RangeStatus
Mbedmbedtls0 < 3.6.4affected

Weaknesses

  • CWE-733: CWE-733 Compiler Optimization Removal or Modification of Security-critical Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References