Home > Vulnerability Database > CVE-2025-27498

Mend.io Vulnerability Database

CVE-2025-27498

Date: March 3, 2025

aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be returned with the plaintext contents still in buffer. The vulnerability is fixed in 0.4.3.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/RustCrypto/AEADs

Url: https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037

Url: https://github.com/RustCrypto/AEADs/security/advisories/GHSA-r38m-44fw-h886

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27498

Url: https://www.mend.io/vulnerability-database/CVE-2025-27498

Severity Score

5.3

Weakness Type (CWE)

Improper Verification of Cryptographic Signature

CWE-347

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27498

Date: March 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?