CVE-2025-61730 in crypto-tls
Summary
by MITRE • 01/28/2026
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance, the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Analysis
by VulDB Data Team • 06/02/2026
This vulnerability exists in the TLS 1.3 handshake: multiple messages carried in a single record can be processed before the encryption level has changed. The flaw occurs when messages that span different encryption boundaries are processed in sequence without the encryption state changes being synchronized. This allows potential information disclosure when a network-local attacker can inject messages during the handshake. The vulnerability affects the cryptographic integrity of the TLS 1.3 implementation and deviates from the expected protocol behavior, in which an encryption level must be fully established before subsequent messages are processed.
The root cause of CVE-2025-61730 is improper handling of encryption state transitions during the TLS 1.3 handshake. When multiple handshake messages are bundled in a single TLS record, the implementation does not ensure that every message in that record is processed under the correct encryption context. This creates a window in which messages intended for different encryption levels may be processed out of order, or before the encryption level has been updated. The vulnerability manifests as a race condition between message processing and encryption state management, which can expose sensitive information through the mishandled cryptographic contexts.
The operational impact is significant for systems that rely on TLS 1.3 for secure communications, particularly where a network-local attacker can inject packets during the handshake. Such an attacker can potentially extract information about the handshake, including details of the encryption keys being negotiated or the sequence of handshake messages exchanged. This disclosure could provide insights that aid more sophisticated attacks against the TLS implementation. The vulnerability is particularly concerning for high-security communications, where the confidentiality and integrity of the handshake are critical to overall system security.
Mitigation for CVE-2025-61730 should focus on proper synchronization of encryption state transitions during the TLS 1.3 handshake. Implementations should ensure that all messages within a single record are processed under the correct encryption context before any state change takes effect. Network administrators should consider stricter packet filtering to prevent unauthorized message injection during handshakes, particularly where such attacks are feasible. Updating to patched versions of TLS implementations that correctly handle encryption boundary transitions addresses the core vulnerability. Organizations should also test their TLS implementations to verify that encryption state transitions occur correctly and that no information is disclosed during the handshake, in line with the security requirements referenced in CWE-362 and ATT&CK technique T1566 for network injection attacks.
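The record-level check the analysis above calls for, as an added Go example (not code from Go's crypto/tls and not from VulDB): a handshake-record splitter that applies the RFC 8446 section 5.1 rule that messages must not span a key change, refusing any record in which a message that can precede a key change is followed by further bytes. The message type values are the RFC's; the function, type and error names are assumptions.

```go
package main

import "errors"

// TLS 1.3 handshake message types (RFC 8446, section 4).
const (
	typeClientHello, typeServerHello, typeEndOfEarlyData uint8 = 1, 2, 5
	typeEncryptedExtensions, typeCertificate            uint8 = 8, 11
	typeFinished, typeKeyUpdate                         uint8 = 20, 24
)

// precedesKeyChange lists the messages that can immediately precede a key
// change (RFC 8446, section 5.1). Bytes that follow one of these in the
// same record belong to a different encryption level and must not be processed.
var precedesKeyChange = map[uint8]bool{
	typeClientHello: true, typeServerHello: true, typeEndOfEarlyData: true,
	typeFinished: true, typeKeyUpdate: true,
}

var ErrTruncated = errors.New("handshake message truncated")
var ErrSpansKeyChange = errors.New("record carries messages across a key change")

// HandshakeMsg is one parsed handshake message: 1-byte type, 3-byte length, body.
type HandshakeMsg struct {
	Type uint8
	Body []byte
}

// SplitHandshakeRecord parses the handshake messages coalesced in one record
// payload and rejects the record if a message that ends an encryption level
// is followed by more bytes, so nothing is processed under the wrong keys.
func SplitHandshakeRecord(payload []byte) ([]HandshakeMsg, error) {
	var msgs []HandshakeMsg
	for len(payload) > 0 {
		if len(payload) < 4 {
			return nil, ErrTruncated
		}
		t := payload[0]
		n := int(payload[1])<<16 | int(payload[2])<<8 | int(payload[3])
		if len(payload)-4 < n {
			return nil, ErrTruncated
		}
		msgs = append(msgs, HandshakeMsg{Type: t, Body: payload[4 : 4+n]})
		payload = payload[4+n:]
		if precedesKeyChange[t] && len(payload) > 0 {
			return nil, ErrSpansKeyChange // e.g. ServerHello then EncryptedExtensions
		}
	}
	return msgs, nil
}
```

A real implementation applies this after decrypting each record and before dispatching any message, so a key change is only ever installed on a record boundary.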