Loading
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
Use CWE-208, Arm vendor hub and Mbed Tls product page to widen CVE-2025-54764 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-34877, CVE-2026-34875 and CVE-2026-34873 for nearby disclosures in the same product family.