CVE-2025-49601: CWE-125 Out-of-bounds Read in Mbed mbedtls
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.
AI Analysis
Technical Summary
CVE-2025-49601 is a medium-severity vulnerability affecting MbedTLS versions from 3.3.0 up to but not including 3.6.4. The flaw resides in the function mbedtls_lms_import_public_key, which is responsible for importing LMS (Leighton-Micali Signature) public keys. Specifically, the function reads a 4-byte type indicator from the input buffer before verifying that the buffer is at least 4 bytes long. This lack of proper input size validation leads to an out-of-bounds read (CWE-125) when the input buffer is truncated to fewer than 4 bytes. An attacker can exploit this by supplying a malformed or truncated LMS public key buffer, causing the function to read memory beyond the intended buffer boundary. The consequences include potential application crashes (denial of service) or limited disclosure of adjacent memory contents, which may leak sensitive information depending on the context. The vulnerability does not require authentication or user interaction but has a high attack complexity, as the attacker must supply a carefully crafted truncated input. The CVSS v3.1 base score is 4.8, reflecting a network attack vector with no privileges required, but with high complexity and limited confidentiality impact. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that remediation may still be pending or in progress. This vulnerability highlights a classic input validation error in cryptographic library code, which could undermine the security assurances of cryptographic operations relying on LMS public keys if exploited.
Potential Impact
For European organizations, the impact of CVE-2025-49601 depends largely on the extent to which MbedTLS is used in their cryptographic infrastructure, particularly in systems employing LMS signatures. MbedTLS is widely used in embedded devices, IoT products, and some network appliances. An out-of-bounds read vulnerability can lead to denial of service through application crashes, potentially disrupting critical services. Additionally, limited adjacent memory disclosure could expose sensitive cryptographic material or other confidential data, increasing the risk of further compromise. Organizations in sectors such as telecommunications, industrial control systems, and critical infrastructure that rely on embedded devices using MbedTLS are at higher risk. The vulnerability’s medium severity suggests it is not likely to cause widespread catastrophic impact but could be leveraged as part of a multi-stage attack chain. European entities with stringent data protection regulations (e.g., GDPR) must consider the confidentiality implications of memory disclosure. Furthermore, disruption of services due to crashes could affect availability commitments and operational continuity.
Mitigation Recommendations
To mitigate CVE-2025-49601, European organizations should:
1) Identify all systems and devices using affected MbedTLS versions (3.3.0 up to 3.6.4), especially those handling LMS signatures.
2) Apply vendor-supplied patches or updates as soon as they become available; if no official patch exists yet, monitor vendor advisories closely.
3) Implement input validation and sanitization at higher application layers to ensure that LMS public key buffers are not truncated or malformed before being passed to mbedtls_lms_import_public_key.
4) Employ runtime protections such as memory safety tools (e.g., AddressSanitizer) during development and testing to detect out-of-bounds reads.
5) Restrict network exposure of services that process LMS keys to trusted networks to reduce attack surface.
6) Monitor logs and application behavior for crashes or anomalies that may indicate exploitation attempts.
7) Consider compensating controls such as application-layer firewalls or intrusion detection systems tuned to detect malformed LMS key inputs.
These steps go beyond generic advice by focusing on proactive identification, patch management, input validation, and runtime monitoring tailored to this specific vulnerability.
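The following added example (not Mbed TLS code) illustrates both the length-before-read pattern the Technical Summary describes and the application-layer precheck of mitigation step 3. It assumes the RFC 8554 public-key layout and the LMS_SHA256_M32_H10 / LMOTS_SHA256_N32_W8 parameter set; the return codes and the key bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes for this example only; they are not Mbed TLS error codes. */
#define LMS_OK            0
#define LMS_ERR_TRUNCATED (-1)
#define LMS_ERR_BAD_TYPE  (-2)

/* RFC 8554 public key: u32 lms_type | u32 lmots_type | I[16] | T[1] (m bytes).
 * Parameter set assumed here: LMS_SHA256_M32_H10 (m = 32) with LMOTS_SHA256_N32_W8. */
#define LMS_SHA256_M32_H10  0x00000006u
#define LMOTS_SHA256_N32_W8 0x00000004u
#define LMS_PUBKEY_LEN      (4u + 4u + 16u + 32u)

static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hardened import: every read is preceded by a check that the bytes exist.
 * The advisory's bug is the missing first check: the 4-byte type indicator
 * was read before the buffer was known to hold 4 bytes. */
int lms_import_public_key_checked(const unsigned char *key, size_t key_len,
                                  uint32_t *lms_type, uint32_t *lmots_type) {
    if (key_len < 4) return LMS_ERR_TRUNCATED;               /* the missing check */
    uint32_t t = read_be32(key);
    if (t != LMS_SHA256_M32_H10) return LMS_ERR_BAD_TYPE;
    if (key_len != LMS_PUBKEY_LEN) return LMS_ERR_TRUNCATED; /* size follows from type */
    uint32_t ot = read_be32(key + 4);
    if (ot != LMOTS_SHA256_N32_W8) return LMS_ERR_BAD_TYPE;
    *lms_type = t; *lmots_type = ot;
    return LMS_OK;
}

/* Application-layer precheck (mitigation step 3): build a constructed 56-byte
 * key, confirm it imports, then confirm every shorter prefix is rejected
 * before any field is read. Returns 1 when all cases behave as expected. */
int truncation_cases_rejected(void) {
    unsigned char key[LMS_PUBKEY_LEN];
    memset(key, 0xAB, sizeof key);                 /* constructed I and T[1] bytes */
    static const unsigned char hdr[8] = {0, 0, 0, 0x06, 0, 0, 0, 0x04};
    memcpy(key, hdr, sizeof hdr);
    uint32_t t, ot;
    if (lms_import_public_key_checked(key, sizeof key, &t, &ot) != LMS_OK) return 0;
    for (size_t n = 0; n < sizeof key; n++)        /* includes the 1..3-byte case */
        if (lms_import_public_key_checked(key, n, &t, &ot) != LMS_ERR_TRUNCATED) return 0;
    key[3] = 0x05;                                 /* unsupported LMS type */
    return lms_import_public_key_checked(key, sizeof key, &t, &ot) == LMS_ERR_BAD_TYPE;
}
```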
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-06T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6867eea86f40f0eb72a12681
Added to database: 7/4/2025, 3:09:28 PM
Last enriched: 7/14/2025, 9:24:15 PM
Last updated: 7/14/2025, 9:24:15 PM