CVE-2025-66215 LOW

CVE-2025-66215: OpenSC: Stack-buffer-overflow WRITE in card-oberthur

Vendor Opensc
Product OpenSC
Weakness CWE-121
Published March 30, 2026
Last update March 31, 2026

CVSS base score

3.8/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

OpenSC is a set of open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires a crafted USB device or smart card that presents the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Key dates

02 Disclosure timeline

March 30, 2026 CVE published
March 31, 2026 Record updated