Use of insufficiently random values in mbed TLS - CVE-2026-25835


Published: April 2, 2026


Vulnerability identifier: #VU124808
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25835
CWE-ID: CWE-330
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: ARM
Affected software:
mbed TLS

Detailed vulnerability description

The vulnerability allows a local user to obtain predictable random numbers.

The vulnerability exists due to insufficient randomness in the PSA random generator when application state is cloned. The generator's internal state lives in process memory, so when that memory image is duplicated the copies continue from the same state and emit the same output stream. A local user who can trigger or observe cloning scenarios such as fork(), VM cloning, or hibernation resume can thereby obtain identical random outputs from multiple instances and predict cryptographic keys and nonces derived from them.

Applications that use the PSA random generator are affected when the system or application state is cloned without reseeding the generator afterwards. This includes fork() on Unix-like systems (where the child inherits the parent's generator state), virtual machine cloning, and resuming the same hibernation image more than once.
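The following is an added illustration of the failure mode described above, not code from mbed TLS or from the advisory. It uses a minimal HMAC_DRBG (SP 800-90A, SHA-256) constructed here as a stand-in for the PSA generator, models cloning with `copy.deepcopy` (the memory image is copied as-is, exactly as fork() or a VM snapshot does), and shows the fix: reseed the copy with fresh entropy after the clone. The `install_fork_guard` helper and `fork_demo` are hypothetical names for this example; they use `os.register_at_fork` to reseed in the child, which covers fork() only. VM cloning and hibernation resume happen outside the process, so there the reseed has to be driven by the clone or resume event itself (for example from a guest agent hook).

```python
import copy
import hashlib
import hmac
import os


class HmacDrbg:
    """Minimal HMAC_DRBG (NIST SP 800-90A, SHA-256).

    Constructed for this example to show the clone/fork failure mode.
    It is not the mbed TLS / PSA generator, but it has the same property:
    all state is in memory, so a memory copy is an identical generator."""

    OUTLEN = 32  # SHA-256 output length

    def __init__(self, seed: bytes):
        self.key = b"\x00" * self.OUTLEN
        self.val = b"\x01" * self.OUTLEN
        self._update(seed)

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: mix provided data into (K, V)
        self.key = self._hmac(self.key, self.val + b"\x00" + provided)
        self.val = self._hmac(self.key, self.val)
        if provided:
            self.key = self._hmac(self.key, self.val + b"\x01" + provided)
            self.val = self._hmac(self.key, self.val)

    def reseed(self, entropy: bytes) -> None:
        """Fold fresh entropy into the state; this is what a clone must do."""
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.val = self._hmac(self.key, self.val)
            out += self.val
        self._update(b"")
        return out[:n]


def clone_without_reseed(seed: bytes, n: int = 16):
    """Vulnerable pattern: the clone keeps running from the copied state."""
    parent = HmacDrbg(seed)
    parent.generate(n)                 # some use before the clone
    child = copy.deepcopy(parent)      # fork() / VM snapshot: memory copied as-is
    return parent.generate(n), child.generate(n)   # identical output


def clone_with_reseed(seed: bytes, fresh_entropy: bytes, n: int = 16):
    """Fixed pattern: the clone reseeds with entropy the parent never saw."""
    parent = HmacDrbg(seed)
    parent.generate(n)
    child = copy.deepcopy(parent)
    child.reseed(fresh_entropy)        # e.g. os.urandom(32) in the real child
    return parent.generate(n), child.generate(n)   # now diverge


def install_fork_guard(drbg: HmacDrbg, entropy_source=os.urandom) -> bool:
    """Hypothetical helper: reseed `drbg` in the child after every fork().
    Returns True if a hook was installed (POSIX Python >= 3.7), else False."""
    if not hasattr(os, "register_at_fork"):
        return False
    os.register_at_fork(
        after_in_child=lambda: drbg.reseed(
            entropy_source(32) + os.getpid().to_bytes(8, "little")))
    return True


def fork_demo(seed: bytes, n: int = 16):
    """Real fork() on POSIX with the guard installed; returns (parent, child) bytes."""
    drbg = HmacDrbg(seed)
    install_fork_guard(drbg)
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                       # child: guard has already reseeded drbg
        os.close(r)
        os.write(w, drbg.generate(n))
        os._exit(0)
    os.close(w)
    child_out = os.read(r, n)
    os.waitpid(pid, 0)
    return drbg.generate(n), child_out


if __name__ == "__main__":
    seed = b"constructed seed for the example"   # constructed, not real entropy
    a, b = clone_without_reseed(seed)
    print("clone, no reseed :", a.hex(), b.hex(), "identical" if a == b else "differ")
    c, d = clone_with_reseed(seed, os.urandom(32))
    print("clone, reseeded  :", c.hex(), d.hex(), "identical" if c == d else "differ")
    if hasattr(os, "fork"):
        p, q = fork_demo(seed)
        print("real fork, guard :", p.hex(), q.hex(), "identical" if p == q else "differ")
```

The first pair of lines is the bug class the advisory describes: two instances with a byte-identical memory image produce byte-identical keys and nonces. Note that the reseed must happen in the clone before it generates anything; reseeding the parent does not help the child, and a reseed that only mixes in low-entropy data such as a PID narrows the search space but does not restore unpredictability, which is why the guard above combines the PID with `os.urandom`.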


How to mitigate CVE-2026-25835

Install the security update from the vendor's website. Until the fixed mbed TLS release is deployed, applications that clone their state must reseed the PSA random generator in every new instance (after fork() in the child, and on VM clone or hibernation resume) before it generates any further output.

Sources