anonhaven
Ad

CVE-2025-66215

LOW CVSS 3.1: 3.8 EPSS 0.02%
Updated Mar 30, 2026
Opensc
Parameter Value
CVSS 3.8 (LOW)
Fixed In 0.27.0
Type CWE-121 (Stack-based Buffer Overflow)
Vendor Opensc
Public PoC No

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs.

This issue has been patched in version 0.27.0.

Attack Parameters

Attack Vector
Physical
Requires physical access
Attack Complexity
High
Difficult to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-121 Stack-based Buffer Overflow

References 4

https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5d
security-advisories@github.com
https://github.com/OpenSC/OpenSC/pull/3436
security-advisories@github.com
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2
security-advisories@github.com
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-66038

Opensc

3.9

CVE-2025-66037

Opensc

3.9

CVE-2025-49010

Opensc

3.8