vulnerability
Alpine Linux: CVE-2025-27810: Use of Uninitialized Resource
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Mar 25, 2025 | Aug 8, 2025 | Dec 22, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Mar 25, 2025
Added
Aug 8, 2025
Modified
Dec 22, 2025
Description
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
Solutions
alpine-linux-upgrade-mbedtlsalpine-linux-upgrade-mbedtls2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.