Description
In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Published: 2026-04-01
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure via Timing Side-Channel
Action: Apply Patch
AI Analysis

Impact

A compiler-induced timing side channel exists in Mbed TLS through version 4.0.0 and in TF-PSA-Crypto through version 1.0.0. The flaw manifests during RSA and CBC/ECB decryption when LLVM's select-optimize feature is enabled, allowing an adversary to infer secrets from subtle timing variations in the decryption process. This can lead to leakage of private keys or plaintext data.

Affected Systems

Arm's Mbed TLS library up to and including release 4.0.0, and the TF-PSA-Crypto library up to and including release 1.0.0, are affected. Any applications or systems that use these libraries with LLVM's select-optimize enabled are potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates medium severity, but the EPSS score of less than 1% and absence from the KEV catalog imply a low likelihood of active exploitation. Exploitation requires that the vulnerable library be compiled with LLVM's select-optimize enabled, so the attack surface is limited to developers or build environments that use these settings. If an attacker can influence the compilation of code containing the vulnerable libraries on a target system, they could measure timing differences and gain sensitive information, but widespread, automated exploitation is currently unlikely.

Generated by OpenCVE AI on April 3, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify the currently installed versions of Mbed TLS and TF-PSA-Crypto.
  • If the versions are 4.0.0 or earlier for Mbed TLS or 1.0.0 or earlier for TF-PSA-Crypto, upgrade to the latest released versions from the official repositories.
  • Rebuild all affected projects after the upgrade, ensuring that LLVM's select-optimize feature is disabled or removed from the build flags.
  • Validate that the rebuilt applications no longer exhibit the timing side channel by conducting side‑channel tests or following vendor guidance.
  • If a timely upgrade is not possible, monitor vendor advisories for future fixes and consider isolating cryptographic workloads that rely on the affected libraries.


Advisories

No advisories yet.

History

Fri, 03 Apr 2026 20:15:00 +0000

  Type: First Time appeared
    Values Added: Arm; Arm mbed Tls; Arm tf-psa-crypto
  Type: CPEs
    Values Added: cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*; cpe:2.3:a:arm:tf-psa-crypto:*:*:*:*:*:*:*:*
  Type: Vendors & Products
    Values Added: Arm; Arm mbed Tls; Arm tf-psa-crypto

Fri, 03 Apr 2026 10:15:00 +0000

  Type: First Time appeared
    Values Added: Mbed-tls; Mbed-tls mbedtls; Mbed-tls tf-psa-crypto
  Type: Vendors & Products
    Values Added: Mbed-tls; Mbed-tls mbedtls; Mbed-tls tf-psa-crypto

Thu, 02 Apr 2026 12:15:00 +0000

  Type: Title
    Values Added: mbedtls: Mbed TLS and TF-PSA-Crypto: Information disclosure via compiler-induced timing side channel
  Type: Weaknesses
    Values Added: CWE-733
  Type: References
    Values Added: (none listed)
  Type: Metrics
    Values Removed: threat_severity: None
    Values Added: threat_severity: Moderate

Wed, 01 Apr 2026 23:45:00 +0000

  Type: Description
    Values Added: In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
  Type: Weaknesses
    Values Added: CWE-385
  Type: References
    Values Added: (none listed)
  Type: Metrics
    Values Added: cvssV3_1: {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
    Values Added: ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

  Status: PUBLISHED
  Assigner: mitre
  Published:
  Updated: 2026-04-01T20:00:06.815Z
  Reserved: 2025-12-01T00:00:00.000Z
  Link: CVE-2025-66442

Vulnrichment

  Updated: 2026-04-01T19:58:42.109Z

NVD

  Status: Analyzed
  Published: 2026-04-01T20:16:22.107
  Modified: 2026-04-03T20:04:38.487
  Link: CVE-2025-66442

Redhat

  Severity: Moderate
  Public Date: 2026-04-01T00:00:00Z
  Links: CVE-2025-66442 - Bugzilla

OpenCVE Enrichment

  Updated: 2026-04-07T08:07:48Z

Weaknesses