LeakyCreds

CVE-2025-66038 - Vulnerability Analysis

Severity: Low, CVSS: 3.9

Last Updated: April 1, 2026

OpenSC - Memory Corruption

Published: March 30, 2026
Updated: April 1, 2026
PoC Available

Overview

OpenSC versions before 0.27.0 contain a buffer over-read in sc_compacttlv_find_tag, caused by improper validation of the claimed value length. This lets attackers influence out-of-bounds pointers, leading to memory corruption. Exploitation requires untrusted input data.
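
A bounds-checked compact-TLV lookup, as an added example that is not OpenSC's code. It assumes the ISO 7816-4 compact-TLV layout (high nibble is the tag, low nibble is the claimed value length); `ctlv_find`, `found_len` and the sample buffers are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not OpenSC code): find the first compact-TLV object
 * whose tag nibble equals `tag` (0x0..0xF). On success returns a pointer to
 * the value and stores its length in *out_len; returns NULL if the tag is
 * absent or if any object claims more bytes than the buffer holds. */
const uint8_t *ctlv_find(const uint8_t *buf, size_t len, uint8_t tag, size_t *out_len)
{
    size_t idx = 0;
    if (buf == NULL || out_len == NULL || tag > 0x0F)
        return NULL;
    while (idx < len) {
        uint8_t obj_tag = buf[idx] >> 4;      /* high nibble: tag */
        size_t claimed = buf[idx] & 0x0F;     /* low nibble: claimed length */
        size_t remaining = len - idx - 1;     /* bytes after the header byte */
        /* Validate the claimed length before it is used to hand out a
         * pointer or to advance; a truncated object ends parsing. */
        if (claimed > remaining)
            return NULL;
        if (obj_tag == tag) {
            *out_len = claimed;
            return buf + idx + 1;
        }
        idx += 1 + claimed;
    }
    return NULL;
}

/* Constructed sample data, not captured from a real card. */
static const uint8_t well_formed[] = { 0x31, 0xAA, 0x73, 0x01, 0x02, 0x03 };
static const uint8_t truncated[]   = { 0x31, 0xAA, 0x7F, 0x01, 0x02 }; /* claims 15, holds 2 */
static size_t found_len;

int main(void)
{
    const uint8_t *v = ctlv_find(well_formed, sizeof well_formed, 0x7, &found_len);
    printf("well-formed: %s, length %zu\n", v ? "found" : "rejected", found_len);
    v = ctlv_find(truncated, sizeof truncated, 0x7, &found_len);
    printf("truncated:   %s\n", v ? "found" : "rejected");
    return 0;
}
```

The check compares the claimed length against the bytes that actually remain, so the caller never receives a pointer and length pair that extends past the input buffer.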

Severity & Score

Severity: Low
CVSS Score: 3.9

Impact

Attackers can cause memory corruption by influencing out-of-bounds pointers, potentially leading to crashes or code execution.

Mitigation

Update to version 0.27.0 or later.

Details

CVE ID: CVE-2025-66038
Severity: Low
CVSS Score: 3.9
Type: undefined
Status: confirmed

CWE

  • CWE-126

CVSS Metrics

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L