CVE-2025-49010

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

CVSS 3.8 LOW · EPSS 0.1% · CWE-121
Vexday Risk Score
8 Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.8 · EPSS 0.1% · KEV no · PoC · Nuclei · Metasploit · Patch
Lifecycle
30 Mar 2026 · Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OpenSC is an open source set of smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time a user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected products
OpenSC · OpenSC
