CVE-2025-49601 | mbed TLS up to 3.6.3 mbedtls_lms_import_public_key out-of-bounds (EUVD-2025-20079)

A vulnerability, which was classified as critical, was found in mbed TLS up to 3.6.3. This affects the function mbedtls_lms_import_public_key. The manipulation leads to out-of-bounds read.

This vulnerability is uniquely identified as CVE-2025-49601. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More