{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66037", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-11-21T01:08:02.615Z", "datePublished": "2026-03-30T17:01:27.790Z", "dateUpdated": "2026-03-30T20:14:39.203Z"}, "containers": {"cna": {"title": "OpenSC: Out of Bounds vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx"}, {"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"}], "affected": [{"vendor": "OpenSC", "product": "OpenSC", "versions": [{"version": "< 0.27.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T17:01:27.790Z"}, "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}], "source": {"advisory": "GHSA-m58q-rmjm-mmfx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T20:14:26.757382Z", "id": "CVE-2025-66037", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:14:39.203Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66037", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T20:14:26.757382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:14:32.391Z"}}], "cna": {"title": "OpenSC: Out of Bounds vulnerability", "source": {"advisory": "GHSA-m58q-rmjm-mmfx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "OpenSC", "product": "OpenSC", "versions": [{"status": "affected", "version": "< 0.27.0"}]}], "references": [{"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T17:01:27.790Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66037", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:14:39.203Z", "dateReserved": "2025-11-21T01:08:02.615Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T17:01:27.790Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D890677F-5379-4587-B8E7-D38B02AD525A", "versionEndExcluding": "0.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}, {"lang": "es", "value": "OpenSC es un conjunto de herramientas y middleware de c\u00f3digo abierto para tarjetas inteligentes. Antes de la versi\u00f3n 0.27.0, al introducir una entrada manipulada en el arn\u00e9s fuzz_pkcs15_reader, OpenSC realiza una lectura de pila fuera de l\u00edmites en la ruta de manejo de X.509/SPKI. Espec\u00edficamente, sc_pkcs15_pubkey_from_spki_fields() asigna un b\u00fafer de longitud cero y luego lee un byte m\u00e1s all\u00e1 del final de esa asignaci\u00f3n. Este problema ha sido parcheado en la versi\u00f3n 0.27.0."}], "id": "CVE-2025-66037", "lastModified": "2026-04-01T17:59:35.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-30T18:16:18.007", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "OpenSC: OpenSC: Out-of-bounds read via crafted input", "id": "2453122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453122"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.9", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in OpenSC, an open-source smart card tools and middleware. An attacker could exploit this vulnerability by providing a specially crafted input. This crafted input causes an out-of-bounds heap read, where the software attempts to read data beyond its allocated memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-66037", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-30T17:01:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-66037\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-66037\nhttps://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx\nhttps://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.27.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "opensc", "vendor": "opensc"}], "analysis": {"en": {"generated_at": "2026-04-02T02:35:53.610456+00:00", "value": {"mitigation_remediation": ["Update OpenSC to version\u202f0.27.0 or later.", "Confirm the installation by checking the version number on the command line.", "Restart any services that depend on OpenSC and monitor for abnormal logs."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected vendor is the OpenSC project, offering the OpenSC smart\u2011card middleware and utilities. All versions prior to 0.27.0 are susceptible; the patch was delivered in release\u202f0.27.0. Systems running an older build of the OpenSC libraries or tools that invoke the fuzz_pkcs15_reader component are at risk.", "description_and_impact": "OpenSC, a widely used library for smart card interactions, contains an out\u2011of\u2011bounds heap read in its PKCS#15 reader. The flaw arises when the function that reads an X.509/SPKI field allocates a zero\u2011length buffer and then reads one byte beyond it. When an attacker supplies a crafted input to the fuzz_pkcs15_reader harness, the program may leak data from memory, leading to potential disclosure of sensitive information. This vulnerability is a classic buffer overread, classified as CWE\u2011125.", "risk_and_exploitability": "CVSS base score of 3.9 indicates low severity, and the EPSS score, below 1\u2009%, suggests a low probability of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog, further implying limited known exploitation. Exploitation requires supplying a deliberate input to a specific harness function, likely in a controlled environment or testing framework. Because the overread is confined to an internal buffer and does not trigger a crash or remote code execution, the immediate risk to operational systems is modest. Nonetheless, any untrusted data fed into the PKCS#15 reader should be considered a potential attack vector."}}}}, "created": "2026-03-30T20:55:26.336448+00:00", "updated": "2026-04-03T09:11:14.614540+00:00", "vendors": ["opensc", "opensc$PRODUCT$opensc"]}