
OpenSC CVE-2025-66037 | EUVD-2025-209126

Severity: LOW 3.9 (CVSS 3.1, rated by GitHub Advisory)
Weakness: Out-of-bounds Read (CWE-125)
Published: 2026-03-30, CNA: GitHub_M

Severity by source

GitHub Advisory (primary): 3.9 LOW, CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Red Hat: 3.9 LOW (qualitative)

Primary rating from GitHub Advisory.

CVSS Vector (GitHub Advisory)

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: Physical (AV:P)
Attack Complexity: High (AC:H)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: Low (C:L)
Integrity: Low (I:L)
Availability: Low (A:L)

Lifecycle Timeline (4 events, newest first)

Patch available: Apr 16, 2026, 05:29 (EUVD), fixed in 0.27.0
EUVD ID assigned: Mar 30, 2026, 17:36 (EUVD), EUVD-2025-209126
Analysis generated: Mar 30, 2026, 17:36 (vuln.today)
CVE published: Mar 30, 2026, 17:01 (NVD), rated LOW 3.9

Description (GitHub Advisory)

OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.

Analysis (AI-generated)

An out-of-bounds heap read in OpenSC prior to version 0.27.0 allows an attacker with physical access to the smart card interface (CVSS AV:P), for example by presenting a malicious card, to trigger a small information disclosure or a crash via a crafted X.509 SubjectPublicKeyInfo (SPKI) structure reaching the PKCS#15 public-key parsing path. The issue was reported through the fuzz_pkcs15_reader fuzzing harness. The root cause is sc_pkcs15_pubkey_from_spki_fields() allocating a zero-length buffer and reading one byte beyond its bounds. No public exploit code or active exploitation has been identified; a patch is available in version 0.27.0.

Technical Context (AI-generated)

OpenSC is open-source middleware for interacting with smart cards and cryptographic tokens. The vulnerability resides in X.509 Subject Public Key Information (SPKI) parsing within the PKCS#15 reader component. The root cause is a classic out-of-bounds read (CWE-125) in sc_pkcs15_pubkey_from_spki_fields(), which allocates a zero-length heap buffer and then performs a one-byte read past the end of that allocation. The advisory describes the trigger in terms of the fuzz_pkcs15_reader harness, which feeds crafted card responses into the PKCS#15 parsing code; the same code path is reached when a real card presents a malformed SPKI in a public-key object. The physical attack vector (AV:P) means the attacker must be able to present a card to a reader attached to the target host; no network or local logical access is involved. A one-byte over-read past a zero-length allocation is a deterministic crash under AddressSanitizer (and the way the bug was found), but in an ordinary build it reads one byte of adjacent heap memory, which is why the confidentiality, integrity and availability impacts are all rated Low.
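The following C program is an added illustration of the bug pattern described above, not OpenSC's code and not the actual fixed function. It assumes, as a modelling choice, that the field being handled is the subjectPublicKey BIT STRING of an SPKI, whose first content byte is the "unused bits" count under DER; the vulnerable and hardened variants of a "copy into an exactly-sized buffer, then read index 0" routine are placed side by side so the zero-length case can be seen to be rejected before any read happens. The sample DER encodings are constructed for the example and are not taken from any real card.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration of the CWE-125 pattern; NOT OpenSC's code. The field is
 * modelled as a subjectPublicKey BIT STRING (first content byte = number of
 * unused bits, per X.690), an assumption made for this example. */

/* Read one short-form DER TLV: tag byte, single length byte, content. */
static int read_tlv(const uint8_t *in, size_t inlen, uint8_t *tag,
                    const uint8_t **content, size_t *len)
{
    if (inlen < 2)
        return -1;
    *tag = in[0];
    *len = in[1];
    if (*len > 127 || *len > inlen - 2)   /* long-form lengths not supported */
        return -1;
    *content = in + 2;
    return 0;
}

/* Vulnerable shape: allocate exactly len bytes (possibly zero), then read
 * buf[0]. With len == 0, glibc malloc(0) returns a zero-length block and
 * buf[0] is a one-byte heap over-read, which AddressSanitizer reports as
 * heap-buffer-overflow READ of size 1. */
static int bitstring_unused_bits_unsafe(const uint8_t *content, size_t len)
{
    uint8_t *buf = malloc(len);
    if (buf == NULL)
        return -1;
    memcpy(buf, content, len);
    int unused = buf[0];                  /* out-of-bounds when len == 0 */
    free(buf);
    return unused;
}

/* Hardened shape: validate the length before the buffer is touched. A DER
 * BIT STRING always carries at least the unused-bits byte, valued 0..7. */
static int bitstring_unused_bits_safe(const uint8_t *content, size_t len)
{
    if (len < 1)
        return -1;                        /* reject zero-length before any read */
    uint8_t *buf = malloc(len);
    if (buf == NULL)
        return -1;
    memcpy(buf, content, len);
    int unused = buf[0];
    free(buf);
    return unused <= 7 ? unused : -1;
}

/* Parse one subjectPublicKey BIT STRING TLV. Returns the unused-bits value
 * (0..7) or -1 for malformed input; safe != 0 selects the hardened path. */
int parse_subject_public_key(const uint8_t *der, size_t derlen, int safe)
{
    uint8_t tag;
    const uint8_t *content;
    size_t len;

    if (read_tlv(der, derlen, &tag, &content, &len) != 0)
        return -1;
    if (tag != 0x03)                      /* 0x03 = BIT STRING */
        return -1;
    return safe ? bitstring_unused_bits_safe(content, len)
                : bitstring_unused_bits_unsafe(content, len);
}

/* Constructed sample encodings for this example (not real card data). */
static const uint8_t SAMPLE_OK[]      = {0x03, 0x03, 0x00, 0xAB, 0xCD}; /* 3 content bytes */
static const uint8_t SAMPLE_PADDED[]  = {0x03, 0x02, 0x03, 0xF8};       /* 3 unused bits */
static const uint8_t SAMPLE_CRAFTED[] = {0x03, 0x00};                   /* length 0 */
static const uint8_t SAMPLE_BADTAG[]  = {0x04, 0x01, 0x00};             /* OCTET STRING */

int demo_ok_safe(void)      { return parse_subject_public_key(SAMPLE_OK, sizeof SAMPLE_OK, 1); }
int demo_padded_safe(void)  { return parse_subject_public_key(SAMPLE_PADDED, sizeof SAMPLE_PADDED, 1); }
int demo_crafted_safe(void) { return parse_subject_public_key(SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED, 1); }
int demo_badtag_safe(void)  { return parse_subject_public_key(SAMPLE_BADTAG, sizeof SAMPLE_BADTAG, 1); }

int main(void)
{
    printf("well-formed: unused bits = %d\n", demo_ok_safe());
    printf("padded:      unused bits = %d\n", demo_padded_safe());
    printf("zero-length: result = %d (rejected)\n", demo_crafted_safe());
#ifdef DEMO_UNSAFE
    /* Build with -DDEMO_UNSAFE -fsanitize=address to watch the over-read. */
    printf("zero-length, unsafe path: %d\n",
           parse_subject_public_key(SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED, 0));
#endif
    return 0;
}
```

Built normally, the program only exercises the hardened path and the zero-length BIT STRING is rejected with -1. Building with -DDEMO_UNSAFE -fsanitize=address additionally runs the vulnerable variant on the crafted input, which is where AddressSanitizer flags the one-byte read past the zero-length allocation; that is the same class of report the advisory describes, reproduced here on toy code rather than on OpenSC. The check that matters is the `len < 1` test placed before the allocation is dereferenced; sizing the buffer from untrusted length data is fine, reading index 0 without first proving the length is at least 1 is not.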

Remediation (AI-generated)

Vendor-released patch: upgrade to OpenSC version 0.27.0 or later. Apply the update through the distribution's package manager (e.g., apt-get update && apt-get upgrade opensc on Debian/Ubuntu, or the equivalent on other systems) or build from the release at https://github.com/OpenSC/OpenSC/releases. Verify the installed version afterwards (opensc-tool -i prints the package version); distributions that backport the fix may keep an older version string, in which case the package changelog is the authoritative check. No workarounds are documented; until patched, the practical mitigation is to avoid presenting untrusted cards or tokens to readers on affected hosts, since the malformed SPKI is supplied by the card itself. Applications that embed or vendor a copy of OpenSC (or its libopensc) should pick up the fix through their dependency management workflow and test against their existing smart card configurations before deployment.


CVE-2025-66037 vulnerability details – vuln.today
