diff --git a/library/common.h b/library/common.h
index 7bb2674293..50f2a29a72 100644
--- a/library/common.h
+++ b/library/common.h
@@ -434,4 +434,20 @@ static inline void mbedtls_xor_no_simd(unsigned char *r,
 #    define MBEDTLS_MAYBE_UNUSED
 #endif
 
+/* GCC >= 15 has a warning 'unterminated-string-initialization' which complains if you initialize
+ * a string into an array without space for a terminating NULL character. In some places in the
+ * codebase this behaviour is intended, so we add the macro MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+ * to suppress the warning in these places.
+ */
+#if defined(__has_attribute)
+#if __has_attribute(nonstring)
+#define MBEDTLS_HAS_ATTRIBUTE_NONSTRING
+#endif /* __has_attribute(nonstring) */
+#endif /* __has_attribute */
+#if defined(MBEDTLS_HAS_ATTRIBUTE_NONSTRING)
+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING __attribute__((nonstring))
+#else
+#define MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING
+#endif /* MBEDTLS_HAS_ATTRIBUTE_NONSTRING */
+
 #endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index dcbfcf0329..1967883b61 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -83,7 +83,7 @@ struct mbedtls_ssl_tls13_labels_struct const mbedtls_ssl_tls13_labels =
  */
 
 /* We need to tell the compiler that we meant to leave out the null character. */
-static const char tls13_label_prefix[6] __attribute__ ((nonstring)) = "tls13 ";
+static const char tls13_label_prefix[6] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "tls13 ";
 
 #define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN(label_len, context_len) \
     (2                     /* expansion length           */ \
diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index f6d02b522a..1509e9a4d4 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -42,7 +42,7 @@
 
 /* We need to tell the compiler that we meant to leave out the null character. */
 #define MBEDTLS_SSL_TLS1_3_LABEL(name, string)       \
-    const unsigned char name    [sizeof(string) - 1] __attribute__ ((nonstring));
+    const unsigned char name    [sizeof(string) - 1] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING;
 
 union mbedtls_ssl_tls13_labels_union {
     MBEDTLS_SSL_TLS1_3_LABEL_LIST
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6c534761e0..b4ff66ae9f 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -3481,7 +3481,8 @@ void mac_setup(int key_type_arg,
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 #if defined(KNOWN_SUPPORTED_MAC_ALG)
     /* We need to tell the compiler that we meant to leave out the null character. */
-    const uint8_t smoke_test_key_data[16] __attribute__ ((nonstring)) = "kkkkkkkkkkkkkkkk";
+    const uint8_t smoke_test_key_data[16] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "kkkkkkkkkkkkkkkk";
 #endif
 
     PSA_ASSERT(psa_crypto_init());
@@ -3919,7 +3920,8 @@ void cipher_setup(int key_type_arg,
     psa_status_t status;
 #if defined(KNOWN_SUPPORTED_CIPHER_ALG)
     /* We need to tell the compiler that we meant to leave out the null character. */
-    const uint8_t smoke_test_key_data[16] __attribute__ ((nonstring)) = "kkkkkkkkkkkkkkkk";
+    const uint8_t smoke_test_key_data[16] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING =
+        "kkkkkkkkkkkkkkkk";
 #endif
 
     PSA_ASSERT(psa_crypto_init());
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 4177a0535f..aa375a2d04 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -378,8 +378,8 @@ void create_existent(int lifetime_arg, int owner_id_arg, int id_arg,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_type_t type1 = PSA_KEY_TYPE_RAW_DATA;
     /* We need to tell the compiler that we meant to leave out the null character. */
-    const uint8_t material1[5] __attribute__ ((nonstring)) = "a key";
-    const uint8_t material2[5] __attribute__ ((nonstring)) = "b key";
+    const uint8_t material1[5] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "a key";
+    const uint8_t material2[5] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "b key";
     size_t bits1 = PSA_BYTES_TO_BITS(sizeof(material1));
     uint8_t reexported[sizeof(material1)];
     size_t reexported_length;
diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function
index 46f9617f2d..2d75a29bc5 100644
--- a/tests/suites/test_suite_ssl_decrypt.function
+++ b/tests/suites/test_suite_ssl_decrypt.function
@@ -38,7 +38,7 @@ void ssl_decrypt_null(int hash_id)
                               MBEDTLS_SSL_TRANSPORT_STREAM,
                               version);
     /* We need to tell the compiler that we meant to leave out the null character. */
-    const char sample_plaintext[3] __attribute__ ((nonstring)) = "ABC";
+    const char sample_plaintext[3] MBEDTLS_ATTRIBUTE_UNTERMINATED_STRING = "ABC";
     mbedtls_ssl_context ssl;
     mbedtls_ssl_init(&ssl);
     uint8_t *buf = NULL;