LeakyCreds

CVE-2025-66037 - Vulnerability Analysis

Low, CVSS: 3.9

Last Updated: April 1, 2026

OpenSC - Out of Bounds Read

Published: March 30, 2026
Updated: April 1, 2026
PoC Available

Overview

OpenSC < 0.27.0 contains an out-of-bounds read caused by improper buffer allocation in sc_pkcs15_pubkey_from_spki_fields during X.509/SPKI handling, which lets attackers cause memory corruption. Exploitation requires crafted input.

Severity & Score

Severity: Low
CVSS Score: 3.9

Impact

Attackers can cause an out-of-bounds heap read, leading to potential memory corruption or an application crash.

Mitigation

Update to version 0.27.0 or later.

Details

CVE ID: CVE-2025-66037
Severity: Low
CVSS Score: 3.9
Type: out_of_bounds_rw
Status: confirmed

CWE

  • CWE-125

CVSS Metrics

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L