CVE-2025-49600

4.9 MEDIUM

📋 TL;DR

mbedtls_lms_verify() in MbedTLS did not check the return value of the hash operations it performs while rebuilding the LMS (Leighton-Micali Signature) public key from a signature. The built-in software SHA-256 cannot fail, so the bug is only reachable when hashing is delegated to a hardware accelerator (or another alternative implementation) that can report an error: if an attacker can make the accelerator fault during verification, the error is ignored, the check continues with the stale contents of the hash buffer, and a crafted signature can be accepted as valid. Systems using MbedTLS with LMS signatures and hardware-accelerated hashing are affected.

💻 Affected Systems

Products:
  • MbedTLS
Versions: 3.3.0 through 3.6.3
Operating Systems: All operating systems using affected MbedTLS versions
Default Config Vulnerable: ⚠️ Yes
Notes: MBEDTLS_LMS_C is enabled in the default configuration, so the unchecked return value is compiled into default builds, but it is only exploitable when SHA-256 is supplied by a hardware accelerator or other alternative implementation that can return an error (MBEDTLS_SHA256_ALT or a PSA hash driver). The built-in software SHA-256 cannot fail here, so builds using it are not exploitable, though they should still be updated.

📦 What is this software?

MbedTLS (Mbed TLS) is an open-source C library providing TLS/DTLS, the PSA Crypto API and the underlying cryptographic primitives, aimed at embedded and constrained devices. Its LMS module (MBEDTLS_LMS_C, added in 3.3.0) provides verification of Leighton-Micali hash-based signatures, which are used mainly for firmware and secure-boot image signing.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete bypass of LMS signature verification allowing forged signatures to be accepted as valid, potentially compromising authentication, code signing, or secure boot mechanisms.

🟠

Likely Case

Limited impact requiring physical access or specialized hardware to induce faults, primarily affecting high-security environments using LMS signatures with hardware acceleration.

🟢

If Mitigated

Minimal impact when using software SHA-256 implementation or when hardware fault injection is prevented through physical security controls.

🌐 Internet-Facing: LOW - Requires physical access or specialized hardware fault injection capabilities against specific hardware accelerators.
🏢 Internal Only: MEDIUM - Could affect internal systems with hardware accelerators if an attacker gains physical access or can induce faults through other means.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires physical access or ability to induce hardware faults in hash accelerators, making it complex and targeted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.4

Vendor Advisory: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md

Restart Required: Yes

Instructions:

1. Download MbedTLS 3.6.4 or later from the official repository (https://github.com/Mbed-TLS/mbedtls).
2. Replace the vulnerable version with the patched version.
3. Recompile and relink applications using MbedTLS.
4. Restart affected services.

🔧 Temporary Workarounds

Disable hardware acceleration

Platform: all

Force use of the built-in software SHA-256 implementation instead of hardware acceleration. The software implementation cannot return an error, so the unchecked return value in mbedtls_lms_verify() is never reached.

MBEDTLS_SHA256_ALT is a presence-only #define, not a 0/1 value: make sure it is not defined in mbedtls_config.h (leave it commented out, or run scripts/config.py unset MBEDTLS_SHA256_ALT), and do not route SHA-256 to a PSA accelerator driver in the build that performs LMS verification. Rebuild afterwards.

Disable LMS signatures

Platform: all

Disable LMS signature functionality if it is not required.

MBEDTLS_LMS_C is enabled in the default configuration. Comment out #define MBEDTLS_LMS_C in mbedtls_config.h, or run scripts/config.py unset MBEDTLS_LMS_C, then rebuild.

🧯 If You Can't Patch

  • Implement physical security controls to prevent hardware fault injection attacks
  • Monitor for unusual signature verification failures or anomalies in LMS signature operations

🔍 How to Verify

Check if Vulnerable:

Determine which MbedTLS version your firmware or application links against. MbedTLS does not ship a version command-line tool: read MBEDTLS_VERSION_STRING from include/mbedtls/build_info.h in the source tree you build from, or call mbedtls_version_get_string_full() at runtime (requires MBEDTLS_VERSION_C). Any version from 3.3.0 through 3.6.3 is vulnerable when LMS verification and hardware-accelerated hashing are both in use.

Check Version:

grep -m1 'define MBEDTLS_VERSION_STRING ' include/mbedtls/build_info.h

Verify Fix Applied:

Confirm the version is 3.6.4 or later. If you carry a vendored or backported copy, inspect mbedtls_lms_verify() in library/lms.c and check that the return value of every hash call is tested and propagated as an error before the computed value is compared with the public key.
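What "properly checked" means in practice, for both the mechanism described in the TL;DR and the verification step above, as an added illustration that is not MbedTLS code: the program below models only the shape of a hash-based verifier (a leaf candidate from the signature hashed up an authentication path into an in-place buffer, then compared with the public root) with a simulated accelerator that can fault. The names hw_hash, walk_to_root, verify_unchecked, verify_checked, make_genuine, make_forgery, toy_sig_t and g_hash_fault are invented for the example, the hash is a non-cryptographic stand-in for SHA-256, and the leaf and path values are constructed. It does not reproduce the real LMS algorithm or the exact buffer MbedTLS reused.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define HASH_LEN    32
#define TREE_HEIGHT 2

/* Simulated accelerator fault: hw_hash() fails and writes nothing to out. */
static int g_hash_fault = 0;

/* Stand-in for SHA-256: deterministic non-cryptographic mix (demo only). */
static int hw_hash(const uint8_t *in, size_t in_len, uint8_t out[HASH_LEN])
{
    if (g_hash_fault) {
        return -1;                          /* negative error, out untouched */
    }
    uint64_t s[4] = { 0x243f6a8885a308d3ULL, 0x13198a2e03707344ULL,
                      0xa4093822299f31d0ULL, 0x082efa98ec4e6c89ULL };
    for (size_t i = 0; i < in_len; i++) {
        s[i & 3] = (s[i & 3] ^ in[i]) * 0x100000001b3ULL;
        s[(i + 1) & 3] += s[i & 3] >> 29;
    }
    memcpy(out, s, HASH_LEN);               /* host byte order; demo only */
    return 0;
}

/* Toy signature: leaf candidate plus auth path, all attacker-controlled. */
typedef struct {
    uint8_t leaf[HASH_LEN];
    uint8_t path[TREE_HEIGHT][HASH_LEN];
} toy_sig_t;

/* Rebuild the root in place, cur = H(cur || path[lvl]); `checked` honours errors. */
static int walk_to_root(const toy_sig_t *sig, uint8_t cur[HASH_LEN], int checked)
{
    uint8_t pair[2 * HASH_LEN];
    memcpy(cur, sig->leaf, HASH_LEN);       /* cur starts as signature bytes */
    for (size_t lvl = 0; lvl < TREE_HEIGHT; lvl++) {
        memcpy(pair, cur, HASH_LEN);
        memcpy(pair + HASH_LEN, sig->path[lvl], HASH_LEN);
        int ret = hw_hash(pair, sizeof(pair), cur);
        if (checked && ret != 0) {
            return ret;                     /* fixed shape: propagate error */
        }
        /* unchecked shape: after a fault, cur still holds its previous value */
    }
    return 0;
}

/* Vulnerable shape: the hash result is never inspected before comparing. */
static int verify_unchecked(const toy_sig_t *sig, const uint8_t root[HASH_LEN])
{
    uint8_t cur[HASH_LEN];
    (void) walk_to_root(sig, cur, 0);
    return memcmp(cur, root, HASH_LEN) == 0 ? 0 : -2;
}

/* Fixed shape: any hash error fails verification before the comparison. */
static int verify_checked(const toy_sig_t *sig, const uint8_t root[HASH_LEN])
{
    uint8_t cur[HASH_LEN];
    int ret = walk_to_root(sig, cur, 1);
    if (ret != 0) {
        return ret;
    }
    return memcmp(cur, root, HASH_LEN) == 0 ? 0 : -2;
}

/* Constructed genuine pair; no secret key, the toy models data flow only. */
static void make_genuine(toy_sig_t *sig, uint8_t root[HASH_LEN])
{
    memset(sig->leaf, 0x11, HASH_LEN);
    for (size_t lvl = 0; lvl < TREE_HEIGHT; lvl++) {
        memset(sig->path[lvl], 0x20 + (int) lvl, HASH_LEN);
    }
    g_hash_fault = 0;
    walk_to_root(sig, root, 1);
}

/* Forgery: the public root goes straight into the leaf slot. Rejected normally,
 * but once the hash faults verify_unchecked() compares cur with that root. */
static void make_forgery(toy_sig_t *sig, const uint8_t root[HASH_LEN])
{
    memset(sig, 0, sizeof(*sig));
    memcpy(sig->leaf, root, HASH_LEN);
}

int main(void)
{
    toy_sig_t sig;
    uint8_t root[HASH_LEN];
    make_genuine(&sig, root);
    make_forgery(&sig, root);
    g_hash_fault = 1;                       /* attacker induces the fault */
    printf("forgery under fault: unchecked=%d checked=%d\n",
           verify_unchecked(&sig, root), verify_checked(&sig, root));
    return 0;
}
```

Compile with cc -std=c99 and run it. Without a fault both verifiers reject the forgery; with g_hash_fault set, verify_unchecked() returns 0 because the buffer it compares still contains the root the attacker placed in the leaf slot, while verify_checked() returns the hash error instead. The 3.6.4 fix has the same shape: every hash call's return value in mbedtls_lms_verify() is tested before its output is used.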

📡 Detection & Monitoring

Log Indicators:

  • Hash driver or accelerator errors (for PSA-backed drivers, PSA_ERROR_HARDWARE_FAILURE or similar) recorded around the time an LMS verification returned success
  • LMS-signed images or messages that verified successfully on the device but fail when re-verified with the software SHA-256 implementation
  • MbedTLS itself does not log; these indicators exist only if the application records mbedtls_lms_verify() return codes and driver errors

Network Indicators:

  • None specific to this bug. LMS is mostly used for firmware and secure-boot image signing rather than live protocol traffic, so repeated delivery of malformed or rejected signed images to devices with hardware hash accelerators is the closest proxy

SIEM Query:

Search application logs for: ("mbedtls_lms_verify" AND "signature accepted") OR ("hardware hash" AND "failure"); adjust the strings to whatever your firmware actually logs, since MbedTLS emits no messages of its own

🔗 References

  • Vendor advisory: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-3.md
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-49600