CVE-2025-49087: 
Mbed TLS vulnerability analysis and mitigation

A timing side-channel vulnerability was discovered in Mbed TLS versions 3.6.1 through 3.6.3, identified as CVE-2025-49087. The vulnerability exists in the block cipher padding removal mechanism when using PKCS#7 padding mode. This security flaw was disclosed on July 20, 2025, affecting Mbed TLS implementations before version 3.6.4 (NVD, Debian Tracker).

The vulnerability is classified as a Covert Timing Channel (CWE-385) with a CVSS v3.1 base score of 4.0 (Medium). The attack vector is network-based (AV:N) with high attack complexity (AC:H), requiring no privileges (PR:N) or user interaction (UI:N). The scope is changed (S:C) with low confidentiality impact (C:L) and no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows an attacker to recover plaintext data when PKCS#7 padding mode is used in block cipher operations. This timing discrepancy could lead to information disclosure, potentially compromising the confidentiality of encrypted communications (NVD, Debian Tracker).

The vulnerability has been fixed in Mbed TLS version 3.6.4. Users are advised to upgrade to this version or later. For Debian systems, fixed packages are available in various distributions: version 3.6.4-2 for trixie and sid, while bullseye and bookworm are not affected as they use earlier versions that don't contain the vulnerable code (Debian Tracker).