← Back to CVE List
CVE-2025-27809
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt