Intel

AIKIDO-2025-10216

Mbed-TLS.mbedtls is vulnerable to Initialization of a Resource with an Insecure Default

Initialization of a Resource with an Insecure Default
CVE-2025-27809

81

High Risk

This Affects:

c++: Mbed-TLS.mbedtls
1.0.0 - 2.28.9 (fixed in 2.28.10)
3.0.0 - 3.6.2 (fixed in 3.6.3)

TL;DR

Affected versions of Mbed TLS (2.x up to 2.28.9 and 3.x up to 3.6.2) are vulnerable to server impersonation because of an insecure default configuration. If a TLS client never calls mbedtls_ssl_set_hostname(), the hostname verification step is skipped entirely, so any server presenting a valid certificate from a trusted CA is accepted as any other server. A network-positioned attacker can use this to perform man-in-the-middle attacks and read or modify data that the client believes it is exchanging over an authenticated TLS connection.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

Mbed-TLS.mbedtls is vulnerable to Initialization of a Resource with an Insecure Default in versions 1.0.0 - 2.28.9 and 3.0.0 - 3.6.2.

How to fix this

To mitigate the vulnerability, TLS client applications should always call mbedtls_ssl_set_hostname() with the expected server name, unless only pre-shared key cipher suites are used. Upgrading to Mbed TLS 2.28.10 or 3.6.3 is strongly recommended: these versions enforce hostname verification by default, so a client that never sets a hostname no longer silently skips the check. Clients that use certificate pinning or operate in a closed, trusted environment may not be exposed, but calling mbedtls_ssl_set_hostname() is still advised as a defense-in-depth measure.
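The following is an added, self-contained C illustration of the policy difference this advisory describes; it is not Mbed TLS code and not part of the original advisory. It models the client's identity check on a certificate that has already chained to a trusted CA: the hypothetical `verify_server_identity()` takes the hostname the application configured (NULL if it never set one) and the certificate's SAN dNSName entries, and the assumed `skip_when_unset` flag reproduces the insecure default (unset hostname means no check) next to the fixed behaviour (unset hostname means verification fails). The certificate names and hostnames are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Outcome of the identity check, for a cert that already chains to a trusted CA. */
enum verify_result { VERIFY_OK = 0, VERIFY_NAME_MISMATCH = 1, VERIFY_NO_HOSTNAME = 2 };

/* Case-insensitive match of one SAN dNSName against the expected host.
 * A '*' is honoured only as the entire leftmost label ("*.example.com"):
 * it covers exactly one label and never the bare domain itself. */
static bool dns_id_matches(const char *expected, const char *san)
{
    if (strncmp(san, "*.", 2) == 0) {
        const char *dot = strchr(expected, '.');
        if (dot == NULL) return false;              /* "*.example.com" vs "example.com" */
        if (strchr(san + 2, '.') == NULL) return false; /* refuse "*.com"-style wildcards */
        return strcasecmp(dot + 1, san + 2) == 0;   /* remaining labels must be identical */
    }
    return strcasecmp(expected, san) == 0;
}

/* Hypothetical client policy (not Mbed TLS's implementation).
 * skip_when_unset == true  models the insecure default: no hostname, no check.
 * skip_when_unset == false models the fixed default: no hostname, verification fails. */
enum verify_result verify_server_identity(const char *expected_hostname,
                                          const char *const *sans, size_t n_sans,
                                          bool skip_when_unset)
{
    if (expected_hostname == NULL)
        return skip_when_unset ? VERIFY_OK : VERIFY_NO_HOSTNAME;

    for (size_t i = 0; i < n_sans; i++) {
        if (dns_id_matches(expected_hostname, sans[i]))
            return VERIFY_OK;
    }
    return VERIFY_NAME_MISMATCH;
}

static const char *describe(enum verify_result r)
{
    switch (r) {
    case VERIFY_OK:            return "accepted";
    case VERIFY_NAME_MISMATCH: return "rejected (name mismatch)";
    default:                   return "rejected (no expected hostname configured)";
    }
}

int main(void)
{
    /* Constructed sample: a valid, CA-issued cert for a host the client never meant to talk to. */
    const char *other_server_sans[] = { "other-host.example.net" };
    const char *wildcard_sans[]     = { "*.example.com" };

    printf("hostname unset, insecure default : %s\n",
           describe(verify_server_identity(NULL, other_server_sans, 1, true)));
    printf("hostname unset, fixed default    : %s\n",
           describe(verify_server_identity(NULL, other_server_sans, 1, false)));
    printf("hostname set, wrong cert         : %s\n",
           describe(verify_server_identity("bank.example.com", other_server_sans, 1, true)));
    printf("hostname set, wildcard cert      : %s\n",
           describe(verify_server_identity("api.example.com", wildcard_sans, 1, true)));
    return 0;
}
```

In a real Mbed TLS client the equivalent of "hostname set" is calling mbedtls_ssl_set_hostname(&ssl, "expected.host") after mbedtls_ssl_setup() and before the handshake, while keeping mbedtls_ssl_conf_authmode() at MBEDTLS_SSL_VERIFY_REQUIRED; the first printed line is the case the advisory is about, where a certificate for an unrelated host is accepted only because the name check was never armed.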