Cryptographic issues in mbed TLS - CVE-2023-52353
Published: August 7, 2025
Vulnerability identifier: #VU113735
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52353
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ARM
Affected software:
mbed TLS
Detailed vulnerability description
The vulnerability allows a remote attacker to downgrade a TLS connection.
The issue exists because the application does not implement a version negotiation process when using TLS 1.3. An attacker can downgrade TLS 1.3 to a previously used protocol, potentially allowing MitM attacks.
How to mitigate CVE-2023-52353
Install updates from the vendor's website.