CVE-2025-69893

Name of the Vulnerable Software and Affected Versions Trezor One versions 1.13.0 through 1.14.0 Trezor T versions 1.13.0 through 1.14.0 Trezor Safe versions 1.13.0 through 1.14.0

Description A side-channel issue exists in the implementation of BIP-39 mnemonic processing. This is caused by BIP-39 standard guidelines that lead to non-constant time execution and specific branch patterns during word searching. An attacker with physical access during the initial setup phase can collect a side-channel trace and use profiling-based Deep Learning Side-Channel Analysis (DL-SCA)—a method of using neural networks to identify patterns in power consumption or electromagnetic emissions—to recover the mnemonic code and steal assets.

Recommendations Update Trezor One to a version later than 1.14.0. Update Trezor T to a version later than 1.14.0. Update Trezor Safe to a version later than 1.14.0.