Stack Buffer Overflow in OpenSC Smart Card Tools and Middleware
CVE-2025-49010

3.8 LOW

Key Information:

Vendor

OpenSC

Status
Vendor
CVE Published: 30 March 2026

What is CVE-2025-49010?

OpenSC, an open source set of smart card tools and middleware, is vulnerable to a stack buffer overflow. The flaw can be exploited when a user or administrator interacts with a token while an attacker has physical access to the computer: the attacker uses a crafted USB device or smart card that presents specially crafted responses to APDUs. The issue allows unauthorized manipulation of data during the GET RESPONSE operation. It is resolved in OpenSC version 0.27.0.

Affected Version(s)

OpenSC < 0.27.0

CVSS V3.1

Score: 3.8
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
