{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-27839", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-10T17:19:25.047Z", "dateReserved": "2025-03-07T00:00:00.000Z", "datePublished": "2025-03-07T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Android"], "product": "SDK", "vendor": "Tangem", "versions": [{"lessThan": "5.18.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1025", "description": "CWE-1025 Comparison Using Wrong Factors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-07T23:55:24.204Z"}, "references": [{"url": "https://tangem.com/en/blog/post/app-update/"}, {"url": "https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07"}, {"url": "https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T17:19:00.674527Z", "id": "CVE-2025-27839", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:19:25.047Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27839", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T17:19:00.674527Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T17:19:12.324Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "Tangem", "product": "SDK", "versions": [{"status": "affected", "version": "0", "lessThan": "5.18.3", "versionType": "custom"}], "platforms": ["Android"], "defaultStatus": "unaffected"}], "references": [{"url": "https://tangem.com/en/blog/post/app-update/"}, {"url": "https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07"}, {"url": "https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1025", "description": "CWE-1025 Comparison Using Wrong Factors"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-03-07T23:55:24.204Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27839", "state": "PUBLISHED", "dateUpdated": "2025-03-10T17:19:25.047Z", "dateReserved": "2025-03-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-03-07T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."}, {"lang": "es", "value": "operations/attestation/AttestationTask.kt en el SDK de Tangem anterior a la versi\u00f3n 5.18.3 para Android tiene un flujo l\u00f3gico en la certificaci\u00f3n de billetera sin conexi\u00f3n (verificaci\u00f3n de autenticidad) que hace que los resultados de la verificaci\u00f3n se ignoren durante el primer escaneo de una tarjeta. Es posible que no haya sido posible explotarlo."}], "id": "CVE-2025-27839", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-03-08T00:15:38.340", "references": [{"source": "cve@mitre.org", "url": "https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07"}, {"source": "cve@mitre.org", "url": "https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409"}, {"source": "cve@mitre.org", "url": "https://tangem.com/en/blog/post/app-update/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1025"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{}