Description
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Published: 2026-04-01
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Predictable random values may compromise cryptographic keys and data integrity
Action: Immediate Patch
AI Analysis

Impact

The flaw is caused by improper seeding of the pseudo‑random number generator in Mbed TLS versions earlier than 3.6.6 and in TF‑PSA‑Crypto versions earlier than 1.1.0. Because the seed values are not sufficiently random, the output of the PRNG can become predictable. If an attacker can influence the seed or observe the PRNG output, they could recover cryptographic keys or forge tokens, thereby breaching confidentiality and integrity of encrypted or signed data.

Affected Systems

Systems that link against ARM’s Mbed TLS library prior to version 3.6.6 and those that use TF‑PSA‑Crypto prior to version 1.1.0 are affected. Applications that rely on the default PRNG for key generation, TLS handshakes, or random token creation may be impacted.

Risk and Exploitability

The CVSS base score is 7.7, indicating a high severity, while the EPSS score is below 1 %, suggesting that exploitation is currently considered unlikely. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker influencing the source of entropy used to seed the PRNG, for example by providing crafted input to cryptographic operations or manipulating environment values. This inference is based on the description of the seed misuse; no public exploit has been reported to date.

Generated by OpenCVE AI on April 6, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mbed TLS to version 3.6.6 or newer.
  • Upgrade TF‑PSA‑Crypto to version 1.1.0 or newer.

Generated by OpenCVE AI on April 6, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Seed Misuse in Pseudo‑Random Number Generator

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Arm
Arm mbed Tls
Arm tf-psa-crypto
CPEs cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*
cpe:2.3:a:arm:mbed_tls:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:arm:tf-psa-crypto:*:*:*:*:*:*:*:*
Vendors & Products Arm
Arm mbed Tls
Arm tf-psa-crypto

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Mbed-tls
Mbed-tls mbedtls
Mbed-tls tf-psa-crypto
Vendors & Products Mbed-tls
Mbed-tls mbedtls
Mbed-tls tf-psa-crypto

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Seed Misuse in Pseudo‑Random Number Generator

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Weaknesses CWE-335
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Arm Mbed Tls Tf-psa-crypto
Mbed-tls Mbedtls Tf-psa-crypto
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T20:07:53.961Z

Reserved: 2026-02-06T00:00:00.000Z

Link: CVE-2026-25835

cve-icon Vulnrichment

Updated: 2026-04-01T20:06:36.914Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-01T19:16:28.663

Modified: 2026-04-06T14:29:47.000

Link: CVE-2026-25835

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:45Z

Weaknesses