Stack Buffer Overflow in OpenSC Smart Card Middleware
CVE-2025-66215

3.8LOW

Key Information:

Vendor

Opensc

Status
Opensc
Vendor
CVE Published:
30 March 2026

What is CVE-2025-66215?

OpenSC, an open-source middleware for smart card tools, contains a vulnerability that allows an attacker with physical access to a computer to exploit a stack-buffer overflow condition. This occurs specifically when the user or administrator interacts with a token. The attack can be executed using a specially crafted USB device or smart card that returns custom responses to APDU commands. The vulnerability has been addressed in version 0.27.0, which users are encouraged to upgrade to in order to mitigate potential risks.

Affected Version(s)

OpenSC < 0.27.0

References

https://github.com/OpenSC/OpenSC/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/OpenSC/OpenSC/pull/3436
x_refsource_MISC
https://github.com/OpenSC/OpenSC/commit/efd1d479832141bcf...
x_refsource_MISC

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.