#VU113735 Cryptographic issues in mbed TLS - CVE-2023-52353
Published: August 7, 2025
Vulnerability identifier: #VU113735
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-52353
CWE-ID: CWE-310
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
mbed TLS
mbed TLS
Software vendor:
ARM
ARM
Description
The vulnerability allows a remote attacker to downgrade TLS connection.
The issue exists due to the application does not have version negotiations process implemented when using TLS 1.3. An attacker can downgrade TLS 1.3 to previously used protocol potentially allowing MitM attacks.
Remediation
Install updates from vendor's website.