Timing Side Channel Vulnerability in Mbed TLS and TF-PSA-Crypto
CVE-2025-66442

5.1MEDIUM

Key Information:

Vendor: Mbed TLS
Status: Mbed TLS
Vendor: CVE Published:; 1 April 2026

What is CVE-2025-66442?

A timing side channel vulnerability exists in Mbed TLS and TF-PSA-Crypto, affecting versions 4.0.0 and 1.0.0 respectively. This issue arises during RSA and CBC/ECB decryption processes when utilizing LLVM's select-optimize feature, potentially allowing attackers to exploit timing discrepancies to extract sensitive information. Users are advised to review the provided security advisories and implement necessary mitigations.

References

https://github.com/Mbed-TLS/mbedtls/releases

https://mbed-tls.readthedocs.io/en/latest/security-adviso...

https://github.com/Mbed-TLS/TF-PSA-Crypto/releases

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2026
Vulnerability Reserved
Dec 1, 2025

CVE-2025-66442 Data

JSON