CVE-2025-52496

7.8 HIGH

📋 TL;DR

Mbed TLS versions before 3.6.4 have a race condition in AESNI detection that can occur with certain compiler optimizations. This vulnerability allows attackers to extract AES keys from multithreaded programs or perform GCM forgeries. Affected systems include any application using vulnerable Mbed TLS versions with AES-GCM or AES-CBC encryption in multithreaded environments.

💻 Affected Systems

Products:
  • Mbed TLS
Versions: All versions before 3.6.4
Operating Systems: All operating systems running vulnerable Mbed TLS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires multithreaded program execution with specific compiler optimizations that affect AESNI detection.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of AES encryption keys leading to decryption of sensitive data and authentication bypass via GCM forgery attacks.

🟠 Likely Case

Partial key extraction enabling limited data decryption or successful GCM forgeries in targeted attacks against vulnerable multithreaded applications.

🟢 If Mitigated

No impact if patched or if applications don't use multithreaded AES operations with compiler optimizations enabled.

🌐 Internet-Facing: MEDIUM - Requires specific multithreaded usage patterns and compiler optimizations, but internet-facing services using vulnerable configurations could be targeted.
🏢 Internal Only: MEDIUM - Internal applications with vulnerable configurations face similar risks, though attack surface may be more limited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific multithreaded conditions and compiler optimization states.

Exploitation requires an attacker to trigger the race condition in a multithreaded environment whose Mbed TLS build was compiled with the affected optimizations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.4

Vendor Advisory: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md

Restart Required: Yes

Instructions:

1. Download Mbed TLS 3.6.4 or later from the official repository.
2. Replace the existing Mbed TLS installation.
3. Recompile any applications using Mbed TLS.
4. Restart affected services.

🔧 Temporary Workarounds

Both workarounds apply when building Mbed TLS from source; they do not change an already-installed distribution package.

Disable compiler optimizations

Platform: all

Compile Mbed TLS without the optimizations that could trigger the race condition:

CFLAGS="-O0" make

Disable AESNI support

Platform: linux

Force Mbed TLS to use the software AES implementation instead of hardware acceleration. Mbed TLS has no ./configure script; the AESNI backend is controlled by the MBEDTLS_AESNI_C option in mbedtls_config.h, which the bundled scripts/config.py can turn off before building:

scripts/config.py unset MBEDTLS_AESNI_C
make clean && make

🧯 If You Can't Patch

  • Isolate vulnerable systems from untrusted networks
  • Monitor for unusual cryptographic operations or authentication failures

🔍 How to Verify

Check if Vulnerable:

Check the Mbed TLS version: read the MBEDTLS_VERSION_STRING macro from the installed build_info.h header (the path depends on the install prefix), or look for the "Mbed TLS x.y.z" string embedded in the library file. Any version below 3.6.4 is vulnerable.

Check Version:

grep MBEDTLS_VERSION_STRING /usr/include/mbedtls/build_info.h 2>/dev/null || strings /path/to/libmbedtls* | grep -i 'mbed tls'

Verify Fix Applied:

Verify the version is 3.6.4 or later, then exercise AES-GCM operations in a multithreaded environment. Because the defect is a timing-dependent race, a passing test does not prove it is absent; treat the version check as the authoritative evidence.

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication failures with GCM
  • Unexpected cryptographic errors in multithreaded contexts

Network Indicators:

  • Repeated failed TLS handshakes with AES-GCM ciphers

SIEM Query:

source="application_logs" AND ("AES" OR "GCM") AND ("error" OR "failure" OR "race")
