#VU124808 Use of insufficiently random values in mbed TLS - CVE-2026-25835


Published: April 2, 2026


Vulnerability identifier: #VU124808
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25835
CWE-ID: CWE-330
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
mbed TLS
Software vendor:
ARM

Description

The vulnerability allows a local user to obtain predictable random numbers.

The vulnerability exists due to insufficient randomness in the PSA random generator when application state is cloned. A local user can exploit system or application cloning scenarios such as fork(), VM cloning, or hibernation resume to cause multiple instances to generate identical random outputs, enabling prediction of cryptographic keys and nonces.

Applications that use the PSA random generator are affected when the system or application state is cloned without reseeding the generator. This includes scenarios such as fork() on Unix-like systems, virtual machine cloning, and resuming hibernation images multiple times.
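As an added illustration (not code from mbed TLS or this advisory), the following Python models the failure with a minimal HMAC-DRBG: `copy.deepcopy` stands in for fork(), VM cloning or hibernation resume, all of which leave two instances with byte-identical generator state, and the seed and entropy values are constructed.

```python
import copy
import hashlib
import hmac


class HmacDrbg:
    """Minimal HMAC-DRBG (SP 800-90A, SHA-256) used only to illustrate state cloning."""

    def __init__(self, seed: bytes) -> None:
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        # Standard HMAC-DRBG update: fold optional data into (K, V).
        self.K = hmac.new(self.K, self.V + b"\x00" + data, hashlib.sha256).digest()
        self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
        if data:
            self.K = hmac.new(self.K, self.V + b"\x01" + data, hashlib.sha256).digest()
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()

    def reseed(self, entropy: bytes) -> None:
        # Reseeding with fresh per-instance entropy is what breaks the clone symmetry.
        self._update(entropy)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.V = hmac.new(self.K, self.V, hashlib.sha256).digest()
            out += self.V
        self._update(b"")
        return out[:n]


def clone_without_reseed(seed: bytes) -> tuple[bytes, bytes]:
    """The CWE-330 condition: a cloned instance yields the same 'nonce' as the original."""
    parent = HmacDrbg(seed)
    child = copy.deepcopy(parent)  # models fork()/VM snapshot: identical internal state
    return parent.generate(16), child.generate(16)


def clone_with_reseed(seed: bytes, fresh_entropy: bytes) -> tuple[bytes, bytes]:
    """Mitigated path: the clone reseeds from its own entropy before first use."""
    parent = HmacDrbg(seed)
    child = copy.deepcopy(parent)
    child.reseed(fresh_entropy)
    return parent.generate(16), child.generate(16)
```

A simple acceptance check for a deployment is to collect the first output from every cloned instance and treat any duplicate as a reseeding failure.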


Remediation

Install the security update from the vendor's website.

External links