CVE-2025-49010 — LOW (3.8) — White Hats Nepal

Q: How severe is CVE-2025-49010?

CVE-2025-49010 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-49010?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc.

Vulnerability Description

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.

CVSS Score

3.8

LOW

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Opensc Project	Opensc	< 0.27.0

Related Weaknesses (CWE)

CWE-121

References

https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4Vendor Advisory
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010Vendor Advisory

FAQ

What is CVE-2025-49010?

CVE-2025-49010 is a vulnerability with a CVSS score of 3.8 (LOW). OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buf...

How severe is CVE-2025-49010?

CVE-2025-49010 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-49010?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc.