CVE-2025-49010 — Stack-based Buffer Overflow in Opensc

CWE-121 — Stack-based Buffer Overflow CWE-120 — Classic Buffer Overflow7 documents7 sources

Severity

6.8MEDIUMNVD

CNA3.8

EPSS

0.0%

top 96.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensc Opensc Project Opensc

Timeline

PublishedMar 30

Description

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5opensc/opensc< 0.27.0

▶NVDopensc_project/opensc< 0.27.0

▶Debianopensc_project/opensc< 0.27.0~rc1-1

🔴Vulnerability Details

OSV

CVE-2025-49010: OpenSC is an open source smart card tools and middleware↗2026-03-30

▶

CVEList

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE↗2026-03-30

▶

📋Vendor Advisories

Red Hat

OpenSC: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses↗2026-03-30

▶

Debian

CVE-2025-49010: opensc - OpenSC is an open source smart card tools and middleware. Prior to version 0.27....↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-49010 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all]↗2026-03-30

▶