ByteOS Network

NVD Vulnerability Details :

CVE-2025-66215

Analyzed

Source-security-advisories@github.com

Published At-30 Mar, 2026 | 18:16

Updated At-01 Apr, 2026 | 17:28

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	3.8	LOW	CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary	3.1	6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 3.8

Base severity: LOW

Vector:

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Type: Primary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

opensc_project>>opensc>>Versions before 0.27.0(exclusive)

cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*