CVE-2025-66215
OpenSC: Stack-buffer-overflow WRITE in card-oberthur
CVSS Score
3.8
EPSS Score
0.0%
EPSS Percentile
5th
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.
| CWE | CWE-121 |
| Vendor | opensc |
| Product | opensc |
| Published | Mar 30, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for opensc opensc
Be the first to know when new low vulnerabilities affecting opensc opensc are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Attack Vector
Physical
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected Versions
OpenSC / OpenSC
< 0.27.0