CVE-2025-66442: In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occ

Description

A vulnerability described as problematic has been identified in mbed TLS up to 4.0.0 . This affects an unknown function of the component RSA/CBC/ECB . Such manipulation leads to covert timing channel. This vulnerability is listed as CVE-2025-66442 . The attack may be performed from remote. There is no available exploit.

Affected Products

Vendor	Product	Versions
mbed TLS	n/a	n/a, up to 4.0.0

References

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2025-66442 | mbed TLS up to 4.0.0 RSA/CBC/ECB covert timing channel

→ No new info (linked only)

CVSS 3.15.1 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-385

PublishedApr 1, 2026

Last enriched2h agov2

Trending Score23

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description, vendor, product, affected versions, and exploit availability based on the new article.

descriptionvendoraffectedVersions

via VulDB

v16h ago

Initial creation