CVE-2025-66215

CVSS v3.1

6.8

Medium

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.27.0

Description OpenSC is an open source smart card tools and middleware. An attacker with physical access to a computer while a user or administrator is utilizing a token can trigger a stack-based buffer overflow in the card-oberthur component. The attack requires a specifically crafted USB device or smart card that sends specially designed responses to the Application Protocol Data Units (APDUs). APDUs are messages exchanged between a smart card reader and a smart card.

Recommendations Update to version 0.27.0 or later.

Exploit

Fix

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121

Related Identifiers

CVE-2025-66215

GHSA-Q5FC-CW56-HWP2

OPENSUSE-SU-2026:10475-1

SUSE-SU-2026:1477-1

SUSE-SU-2026:21283-1

SUSE-SU-2026:21320-1

Affected Products

Opensc

CVE-2025-66215

Weakness Enumeration

Related Identifiers

Affected Products

References · 29