CVE-2025-49010 LOW

CVE-2025-49010: OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

Vendor Opensc
Product OpenSC
Weakness CWE-121
Published March 30, 2026
Last update March 30, 2026

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires a crafted USB device or smart card that presents the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Key dates

02 Disclosure timeline

March 30, 2026 CVE published
March 30, 2026 Record updated

Related vulnerabilities

04 Related CVE