CVE-2025-47917 | Mbed TLS up to 3.6.3 mbedtls_x509_string_to_names head use after free (EUVD-2025-22035 / EDB-52427)
A vulnerability labeled as critical has been found in Mbed TLS up to 3.6.3. This impacts the function mbedtls_x509_string_to_names. The manipulation of the argument head results in use after free.
This vulnerability is known as CVE-2025-47917. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The affected component should be upgraded.