CVE-2025-27498: 
Rust vulnerability analysis and mitigation

aes-gcm is a pure Rust implementation of the AES-GCM cryptographic algorithm. The vulnerability (CVE-2025-27498) was discovered in versions prior to 0.4.3, where the decryptinplace_detached function exposes the decrypted ciphertext even when tag verification fails. This security issue was disclosed on March 3, 2025 (NVD, GitHub Advisory).

The vulnerability occurs in the decrypt_inplace function within asconcore.rs. When tag verification fails, the function returns an error but leaves the plaintext contents in the buffer instead of clearing it. This implementation flaw could allow unauthenticated plaintext to remain accessible after a decryption failure. The vulnerability has been assigned a CVSS v4.0 base score of 5.6 (Medium) with vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N (NVD).

If an application continues to use the result of decryptinplace_detached after a decryption failure, it will be processing unauthenticated data. This could potentially enable chosen ciphertext attacks (CCAs) where attackers can manipulate encrypted data and observe the decrypted results, even when authentication fails (GitHub Advisory).

The vulnerability has been fixed in version 0.4.3 of the aes-gcm crate. The fix involves zeroing out the buffer during decryption when tag verification fails. Users should upgrade to version 0.4.3 or later to address this security issue (GitHub Commit).