
CVE-2025-54764: n/a

Published: Mon Oct 20 2025 (10/20/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.

AI-Powered Analysis

AI analysis last updated: 10/20/2025, 21:39:46 UTC

Technical Analysis

CVE-2025-54764 identifies a timing side-channel vulnerability in Mbed TLS versions prior to 3.6.5. The weakness lies in the implementation of certain RSA operations and in direct invocations of the modular arithmetic functions mbedtls_mpi_mod_inv and mbedtls_mpi_gcd. Timing attacks exploit variations in how long a cryptographic computation takes, which in a non-constant-time implementation depends on secret operands, to infer secret key material. Here, a local attacker with access to the system can measure the duration of these RSA operations or modular inverse/gcd computations and use the measurements to recover sensitive values such as RSA private keys. The vulnerability is local: remote exploitation is not feasible without local code execution or access. No CVSS score has been assigned yet, and no exploits have been reported in the wild. The vulnerability affects the confidentiality of cryptographic keys and can therefore undermine the security guarantees of any system that relies on Mbed TLS for RSA encryption or signing. Because Mbed TLS is widely used in embedded systems, IoT devices, and other applications that need lightweight cryptography, the issue is relevant to a broad range of devices and software stacks. The fix is to update to Mbed TLS 3.6.5 or later, where constant-time implementations remove the timing leakage. Developers should also avoid calling the affected modular arithmetic functions directly on secret operands, or ensure such calls are protected against timing side channels. Given the local nature of the attack, system access controls and monitoring are important complementary defenses.

Potential Impact

The primary impact of CVE-2025-54764 is the compromise of confidentiality through leakage of RSA private key material via timing side-channel analysis. For European organizations, this can undermine the security of encrypted communications, digital signatures, and authentication mechanisms relying on RSA keys protected by Mbed TLS. Sectors such as industrial control systems, telecommunications, healthcare devices, and IoT deployments that use Mbed TLS are particularly at risk. Successful exploitation could lead to unauthorized decryption of sensitive data, impersonation, or further lateral movement within networks. Although exploitation requires local access, the widespread use of Mbed TLS in embedded and IoT devices increases the attack surface, especially in environments with less stringent physical or local access controls. The absence of known exploits suggests limited immediate risk, but the vulnerability could be leveraged in targeted attacks against critical infrastructure or high-value assets. The impact on availability and integrity is minimal, but the breach of confidentiality alone warrants serious concern, especially for compliance with European data protection regulations such as GDPR.

Mitigation Recommendations

1. Upgrade all affected systems to Mbed TLS version 3.6.5 or later, where the timing attack vulnerability has been addressed with constant-time implementations.
2. Audit application code to identify and refactor any direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd, replacing them with secure alternatives or ensuring they are executed in constant time.
3. Implement strict local access controls and monitoring to prevent unauthorized users from gaining the local access required to perform timing measurements.
4. Employ hardware security modules (HSMs) or secure elements for cryptographic operations where feasible, as these often provide resistance against timing attacks.
5. Conduct regular security assessments and penetration tests focusing on side-channel vulnerabilities in cryptographic implementations.
6. Educate developers and security teams about side-channel risks and secure coding practices for cryptographic libraries.
7. Monitor vendor advisories and threat intelligence feeds for any emerging exploits or patches related to this vulnerability.
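Added here as an example, not code from this page, from OffSeq, or from the Mbed TLS project: a small Python audit script that covers mitigation steps 1 and 2 together. It assumes a vendored Mbed TLS 3.x tree, where include/mbedtls/build_info.h defines MBEDTLS_VERSION_STRING, and uses the function names exactly as the advisory spells them; regex hits on prototypes or inside Mbed TLS's own sources still need manual triage.

```python
import os
import re
import sys

FIXED_VERSION = (3, 6, 5)  # first release the advisory calls fixed
# Functions the advisory names as leaking timing when called directly.
SUSPECT_FUNCS = ("mbedtls_mpi_mod_inv", "mbedtls_mpi_gcd")
CALL_RE = re.compile(r"\b(" + "|".join(SUSPECT_FUNCS) + r")\s*\(")
# Assumption: Mbed TLS 3.x records its version in include/mbedtls/build_info.h.
VERSION_RE = re.compile(r'#define\s+MBEDTLS_VERSION_STRING\s+"(\d+)\.(\d+)\.(\d+)"')

def parse_version(build_info_text):
    """Return (major, minor, patch) from build_info.h text, or None if absent."""
    m = VERSION_RE.search(build_info_text)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    """True when a parsed version predates the 3.6.5 fix."""
    return version is not None and version < FIXED_VERSION

def find_direct_calls(source_text):
    """(line, name) per suspect use; // comments skipped, prototypes still match."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), 1):
        code = line.split("//", 1)[0]
        hits.extend((lineno, m.group(1)) for m in CALL_RE.finditer(code))
    return hits

def audit_tree(root):
    """Walk a source tree and return human-readable findings for both checks."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name != "build_info.h" and not name.endswith((".c", ".h", ".cc", ".cpp")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, errors="replace") as f:
                text = f.read()
            version = parse_version(text) if name == "build_info.h" else None
            if is_affected(version):
                findings.append(f"{path}: Mbed TLS {'.'.join(map(str, version))} < 3.6.5")
            for lineno, func in find_direct_calls(text):
                findings.append(f"{path}:{lineno}: direct use of {func}()")
    return findings

if __name__ == "__main__":
    for finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it with the root of the application source tree as the only argument; an empty result means no vendored Mbed TLS older than 3.6.5 was found and no source file references the two functions.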


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-07-28T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68f6a8a4d243d1f5a415cf99

Added to database: 10/20/2025, 9:24:52 PM

Last enriched: 10/20/2025, 9:39:46 PM

Last updated: 10/21/2025, 1:37:24 AM

