View at Official alpine advisory, NVD, CVE.org · CVE detail
Freshness: no update timestamp found; verify against the upstream OS advisory manually.
CVE-2025-27809: 2 source package rows (mbedtls, mbedtls2); 89 state rows across 10 repos (3.18-main, 3.19-main, 3.20-main, 3.21-community, 3.21-main, 3.22-community, 3.22-main, 3.23-community, edge-community, edge-main); fixed 10, open 79.
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.