PT-2026-29081 · Opensc · Opensc

Published: 2025-01-01 · Updated: 2026-04-30 · CVE-2025-66037

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenSC versions prior to 0.27.0

Description: OpenSC is an open source set of smart card tools and middleware. Prior to version 0.27.0, providing crafted input to the fuzz_pkcs15_reader harness results in an out-of-bounds heap read within the X.509/SPKI handling path. Specifically, the sc_pkcs15_pubkey_from_spki_fields() function allocates a zero-length buffer and subsequently attempts to read one byte beyond the allocated memory.

Recommendations: Update to version 0.27.0 or later.

Weakness Enumeration: Out-of-bounds Read

Related Identifiers

CVE-2025-66037
GHSA-M58Q-RMJM-MMFX
OPENSUSE-SU-2026:10475-1
SUSE-SU-2026:1477-1
SUSE-SU-2026:21283-1
SUSE-SU-2026:21320-1

Affected Products

Opensc