CVE-2025-49010

EUVD-2025-209124
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
3.8 LOW
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
opensc_projectopensc
𝑥
< 0.27.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
opensc-projectopensc
𝑥
< 0.27.0
CNA
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opensc
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010