Mbed TLS Timing Side-Channel Vulnerability in Block Cipher Decryption with PKCS#7 Padding

Vulnerability

A timing side-channel vulnerability has been identified in Mbed TLS versions 3.6.1 through 3.6.3 (that is, releases prior to 3.6.4). The flaw lies in the padding-removal step of block cipher decryption when the PKCS#7 padding mode is used: the time taken to strip the padding depends on the padding bytes themselves, and an attacker who can measure that difference can recover the plaintext.
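
To make the flaw concrete, the following is an added example in C (not Mbed TLS's own code) that contrasts a PKCS#7 padding-removal routine whose running time depends on the padding bytes with a constant-time alternative that does the same work for every input; the function names, the 16-byte block size and the inputs are assumptions made for this illustration.

```c
/* Added illustration, not Mbed TLS's own code: a PKCS#7 unpadding check that
 * exits on the first bad byte (timing depends on the padding bytes) beside a
 * constant-time version that does identical work for every input. */
#include <stddef.h>
#include <stdint.h>

#define BLOCK 16   /* assumed block size (AES) */

/* Leaky: the loop stops at the first mismatch, so the elapsed time reveals
 * how many trailing bytes looked like valid padding. */
int pkcs7_unpad_naive(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = 0; i < pad; i++)
        if (buf[len - 1 - i] != pad) return -1;   /* early exit */
    *out_len = len - pad;
    return 0;
}

/* All-ones (0xFF) when a < b, else 0; no data-dependent branch. */
static uint8_t ct_lt(uint32_t a, uint32_t b) { return (uint8_t)(0u - ((a - b) >> 31)); }

/* All-ones when a == b, else 0. */
static uint8_t ct_eq(uint8_t a, uint8_t b)
{
    uint32_t x = a ^ b;                                /* zero iff equal */
    return (uint8_t)(((x | (0u - x)) >> 31) - 1);      /* 0xFF iff x == 0 */
}

/* Constant-time: inspects all BLOCK bytes of the final block whatever the
 * padding value says, and combines the checks with masks instead of branches.
 * The total length is public, so branching on it leaks nothing secret. */
int pkcs7_unpad_ct(const uint8_t *buf, size_t len, size_t *out_len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    const uint8_t *blk = buf + len - BLOCK;
    uint32_t pad = blk[BLOCK - 1];
    uint8_t bad = ct_lt(pad, 1) | ct_lt(BLOCK, pad);       /* pad outside 1..BLOCK */
    for (size_t i = 0; i < BLOCK; i++) {
        uint8_t in_pad = ct_lt(BLOCK - 1 - i, pad);        /* is byte i padding? */
        bad |= in_pad & (uint8_t)~ct_eq(blk[i], (uint8_t)pad);
    }
    *out_len = len - (pad & (uint32_t)(uint8_t)~bad);      /* pad masked to 0 if invalid */
    return -(int)(bad & 1);                                 /* 0 = ok, -1 = invalid padding */
}
```

Both routines return the same verdicts; only the constant-time one keeps its running time independent of where a bad padding byte sits.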

Impact

An attacker able to measure the timing discrepancy in padding removal could recover plaintext without authorization.

Added: Jul 20, 2025, 7:23 PM
Updated: Jul 20, 2025, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread: 8.6
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.