# CVE-2026-25833 Vulnerability Summary

## Vulnerability Overview

Vulnerability Details: When the platform/toolchain does not provide the function, the Mbed TLS library provides its own implementation. This implementation uses the macro as a heuristic check. In the function, when it detects the IPv4-mapped address portion, it backtracks to the start of the buffer and calls another parsing function. Due to a logic flaw, this backtracking may move past the start of the buffer, resulting in a buffer underflow of up to 4 bytes.

## Affected Scope

- Affected Versions: Mbed TLS 3.5.0 to 3.6.5, and 4.0.0
- Unaffected Versions: Mbed TLS 3.6.6 and higher 3.6.x versions; 4.1.0 and higher 4.x versions

Potential Impact: On certain platforms (such as those with memory protection where the underflow crosses a page boundary), this may lead to Denial of Service (DoS).

## Remediation Solutions

Temporary Mitigation Measures: Use a toolchain that provides and defines the macro.

Official Fix: Upgrade to one of the following versions:

- Mbed TLS 3.6.6 or higher
- Mbed TLS 4.1.0 or higher

Fix Commits (for maintenance branches)

> Note: Users maintaining custom branches may reference the above commits for backporting fixes, but these commits may not apply directly to older versions and are not guaranteed to provide a complete fix.
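The backtracking described under Vulnerability Details, shown as an added example that is not Mbed TLS code: a minimal parser for the IPv4-mapped text form whose walk back to the separating ':' is bounded by the buffer start, so a malformed input such as a bare dotted quad is rejected instead of reading before the buffer. The helper names `parse_ipv4` and `parse_ipv4_mapped` are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not Mbed TLS code): parse dotted-quad text in
   [s, s+len) into 4 bytes. Returns 1 on success, 0 on malformed input. */
static int parse_ipv4(const char *s, size_t len, uint8_t out[4])
{
    unsigned int octet = 0, ndots = 0, ndigits = 0;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        if (c >= '0' && c <= '9') {
            octet = octet * 10 + (unsigned int)(c - '0');
            if (octet > 255 || ++ndigits > 3) return 0;
        } else if (c == '.' && ndigits > 0 && ndots < 3) {
            out[ndots++] = (uint8_t)octet;
            octet = 0;
            ndigits = 0;
        } else {
            return 0;
        }
    }
    if (ndots != 3 || ndigits == 0) return 0;
    out[3] = (uint8_t)octet;
    return 1;
}

/* Parse the IPv4-mapped IPv6 text form "::ffff:a.b.c.d" (lowercase prefix
   assumed) into 16 network-order bytes. Returns 1 on success, 0 otherwise.
   The point illustrated: once a '.' is seen, the parser has to locate the
   start of the dotted quad by walking back to the preceding ':'. That walk
   is bounded by `src`, the buffer start, so it can never read before it. */
int parse_ipv4_mapped(const char *src, size_t len, uint8_t out[16])
{
    const char *dot = memchr(src, '.', len);
    if (dot == NULL) return 0;                 /* no IPv4 portion at all */
    const char *p = dot;
    while (p > src && p[-1] != ':') p--;       /* bounds-checked backtrack */
    if (p == src) return 0;                    /* '.' with no ':' before it */
    size_t prefix_len = (size_t)(p - src);
    if (prefix_len != 7 || memcmp(src, "::ffff:", 7) != 0) return 0;
    memset(out, 0, 10);
    out[10] = 0xff;
    out[11] = 0xff;
    return parse_ipv4(p, len - prefix_len, out + 12);
}
```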