diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
index bd15d3a8bd..913c185068 100644
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -19,3 +19,4 @@ Security
      The library will now prevent the handshake and return
      MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
      if mbedtls_ssl_set_hostname() has not been called.
+     CVE-2025-27809