Low severity3.8NVD Advisory· Published Mar 30, 2026· Updated Apr 1, 2026

CVE-2025-49010

Description

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

Affected products

Opensc Project/Opensc
cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*
Range: <0.27.0

Patches

aca07679a6dd

https://github.com/opensc/openscvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.247
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000