Skip to main content

OpenSC CVE-2025-13763

| EUVDEUVD-2025-209564 MEDIUM
Use of Uninitialized Variable (CWE-457)
2026-04-23 redhat
5.7
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
5.7 MEDIUM
AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.7 LOW
qualitative

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

6
Patch released
Apr 24, 2026 - 14:50 nvd
Patch available
Patch available
Apr 23, 2026 - 14:01 EUVD
Analysis Generated
Apr 23, 2026 - 13:15 vuln.today
EUVD ID Assigned
Apr 23, 2026 - 12:45 euvd
EUVD-2025-209564
Analysis Generated
Apr 23, 2026 - 12:45 vuln.today
CVE Published
Apr 23, 2026 - 12:27 nvd
MEDIUM 5.7

DescriptionCVE.org

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs

AnalysisAI

Uninitialized variable usage in OpenSC's libopensc library enables information disclosure and denial of service when processing specially crafted responses from malicious USB devices or smart cards. Attackers must physically present a crafted USB or smart card device to trigger the vulnerability, which reads uninitialized memory from the stack or heap, potentially exposing sensitive data or causing application crashes. No public exploit code has been identified at time of analysis.

Technical ContextAI

OpenSC is a middleware library that provides access to smart cards and hardware security tokens via standard interfaces. The vulnerability resides in libopensc, which handles Application Protocol Data Unit (APDU) communication with smart card readers and USB-based security devices. The flaw involves multiple instances of uninitialized variables-memory regions that are declared but not explicitly set before use. When processing specially crafted APDU responses from a malicious device, these uninitialized variables retain whatever data was previously stored in memory, leading to information leaks or undefined behavior. The CVSS vector indicates physical attack vector (AV:P), meaning an attacker must have direct access to the system's USB ports or card reader interface.

RemediationAI

Apply the patched version of OpenSC released by the OpenSC project (version and release date available in GHSA-2v44-fq35-98vv advisory at https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv). For Red Hat Enterprise Linux systems, apply security updates via the Red Hat Security Advisory corresponding to CVE-2025-13763 (reference: https://access.redhat.com/security/cve/CVE-2025-13763). No workarounds exist to disable the affected code path without losing smart card functionality. Interim risk reduction measures include physically restricting USB and card reader access to trusted administrators, disabling unused smart card reader hardware in BIOS/UEFI if the system does not require physical token authentication, and isolating systems running OpenSC in high-security environments from untrusted physical access. Each mitigation trades off functionality or convenience against risk, so organizations should prioritize patching rather than relying on compensating controls.

More in Opensc

View all
CVE-2019-6502 HIGH POC
7.5 Jan 22

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv. Rated

CVE-2018-16393 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15

CVE-2018-16392 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC

CVE-2018-16391 MEDIUM POC
6.8 Sep 03

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in O

CVE-2018-16425 MEDIUM POC
6.6 Sep 04

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenS

CVE-2018-16424 MEDIUM POC
6.6 Sep 04

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-r

CVE-2018-16423 MEDIUM POC
6.6 Sep 04

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0

CVE-2018-16422 MEDIUM POC
6.6 Sep 04

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs1

CVE-2018-16421 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c

CVE-2018-16420 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003

CVE-2018-16419 MEDIUM POC
6.6 Sep 04

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in

CVE-2018-16418 MEDIUM POC
6.6 Sep 04

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 coul

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2025-13763 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy