CVSS Vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Description
OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires a crafted USB device or smart card that presents the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
Analysis
Stack-buffer overflow in OpenSC's card-oberthur module (versions prior to 0.27.0) allows local attackers with physical access to trigger memory corruption via specially crafted APDU responses from a malicious USB device or smart card, potentially causing denial of service or limited information disclosure. The attack requires the user or administrator to actively use a token during the compromise window, and the vulnerability has been patched in version 0.27.0. No public exploit code or active exploitation has been confirmed at the time of analysis.
Technical Context
OpenSC is middleware for smart card and hardware token management on Unix-like and Windows systems. The vulnerability exists in the card-oberthur module, which handles APDU (Application Protocol Data Unit) communication with Oberthur smart card tokens. The root cause is classified as CWE-121 (Stack-based Buffer Overflow), indicating improper bounds checking when processing card responses. An attacker must craft a malicious USB device or compromise a smart card to respond with oversized data that exceeds stack buffer boundaries in the card-oberthur implementation. The affected CPE is cpe:2.3:a:opensc:opensc:*:*:*:*:*:*:*:*, and all OpenSC versions prior to 0.27.0 are vulnerable.
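The bounds-checking failure described above, as an added illustration that is not OpenSC's code or the upstream patch: a generic length-prefixed card response copied into a fixed stack buffer, first without and then with validation. The function names, the tag/length/payload layout and the 8-byte buffer are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 8 /* hypothetical size of the driver's fixed buffer */

/* Unsafe pattern (CWE-121), for contrast only: copy length comes from the card. */
int parse_serial_unchecked(const uint8_t *resp, size_t resp_len, uint8_t *serial)
{
    (void)resp_len;                    /* received size is never consulted */
    memcpy(serial, resp + 2, resp[1]); /* resp[1] can be as large as 255 */
    return resp[1];
}

/* Hardened: check the card-supplied length against both the bytes actually
 * received and the destination size before copying. Returns bytes or -1. */
int parse_serial_checked(const uint8_t *resp, size_t resp_len,
                         uint8_t *serial, size_t serial_size)
{
    if (resp == NULL || serial == NULL || resp_len < 2)
        return -1;                     /* too short for tag + length */
    size_t claimed = resp[1];
    if (claimed > resp_len - 2)
        return -1;                     /* length field exceeds what was sent */
    if (claimed > serial_size)
        return -1;                     /* would overflow the caller's buffer */
    memcpy(serial, resp + 2, claimed);
    return (int)claimed;
}

/* Driver-style caller with a fixed stack buffer, using the checked parser. */
int read_serial(const uint8_t *resp, size_t resp_len)
{
    uint8_t serial[SERIAL_MAX];
    return parse_serial_checked(resp, resp_len, serial, sizeof serial);
}

int main(void)
{
    /* Constructed responses: tag byte, length byte, payload. */
    const uint8_t ok[] = {0x5A, 0x04, 0xDE, 0xAD, 0xBE, 0xEF};
    const uint8_t big[2 + 64] = {0x5A, 0x40};         /* claims 64, buffer holds 8 */
    const uint8_t lying[] = {0x5A, 0x08, 0x01, 0x02}; /* claims more than sent */
    printf("%d %d %d\n", read_serial(ok, sizeof ok),
           read_serial(big, sizeof big), read_serial(lying, sizeof lying));
    return 0;
}
```

The checked parser rejects both the oversized response and the response whose length byte claims more data than was received, so neither reaches `memcpy`.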
Affected Products
OpenSC versions prior to 0.27.0 are affected, covering all releases before the patch (CPE: cpe:2.3:a:opensc:opensc:*:*:*:*:*:*:*:*). This includes stable releases across all platforms supported by OpenSC (Windows, Linux, macOS, and other Unix-like systems). Users running version 0.27.0 or later are not affected. The card-oberthur module is specific to Oberthur brand smart cards and tokens, so systems not using such tokens are unaffected even if OpenSC is installed.
Remediation
Vendor-released patch: OpenSC version 0.27.0. Users should upgrade to version 0.27.0 or later to receive the security fix. The patched version addresses the stack-buffer-overflow in card-oberthur by implementing proper bounds checking on APDU response handling. No workarounds are available for versions prior to 0.27.0. See the upstream advisory at https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2 and the patch commit at https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf705c2f47655ada4d5f92f5d for technical details.
EUVD-2025-209129