{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69893", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T12:06:31.722Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:31:18.915Z"}, "descriptions": [{"lang": "en", "value": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://trezor.com"}, {"url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-385", "lang": "en", "description": "CWE-385 Covert Timing Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T11:38:30.498917Z", "id": "CVE-2025-69893", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T12:06:31.722Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69893", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-16T11:38:30.498917Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-385", "description": "CWE-385 Covert Timing Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T11:38:24.667Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://trezor.com"}, {"url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked"}], "descriptions": [{"lang": "en", "value": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:31:18.915Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69893", "state": "PUBLISHED", "dateUpdated": "2026-04-16T12:06:31.722Z", "dateReserved": "2026-01-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-14T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}], "id": "CVE-2025-69893", "lastModified": "2026-04-27T19:18:46.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-14T15:16:25.357", "references": [{"source": "cve@mitre.org", "url": "http://trezor.com"}, {"source": "cve@mitre.org", "url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-385"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.13.0,1.14.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "trezor_one", "vendor": "satoshilabs"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.13.0,1.14.0]"}}], "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "trezor_safe", "vendor": "satoshilabs"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.13.0,1.14.0]"}}], "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "trezor_t", "vendor": "satoshilabs"}], "analysis": {"en": {"generated_at": "2026-04-18T09:29:14.738760+00:00", "value": {"mitigation_remediation": ["Update the wallet firmware to the latest patched release from Trezor; the patch removes the timing variations in BIP\u201139 word searching.", "If a firmware upgrade is not yet available, perform the initial unlock in a controlled, trusted environment where an attacker cannot observe electrical or acoustic emissions that could be captured for side\u2011channel analysis.", "Verify the authenticity of the firmware by checking its cryptographic signature before installation to ensure the correct non\u2011vulnerable code is running."], "summary": {"action": "Patch Immediately", "impact": "Loss of Crypto Assets Through Mnemonic Exposure"}, "threat_synthesis": {"affected_systems": "The weakness affects Trezor One (firmware versions\u202f1.13.0\u20111.14.0), Trezor\u202fT (firmware 1.13.0\u20111.14.0), and Trezor\u00a0Safe (firmware 1.13.0\u20111.14.0). The issue is limited to these firmware releases; newer revisions are not impacted.", "description_and_impact": "A side\u2011channel vulnerability in the BIP\u201139 mnemonic processing routine enables an attacker with physical access to the device during the very first use to extract the recovery phrase. The flaw originates from timing variations and branching paths in the word\u2011search algorithms defined by the BIP\u201139 standard, allowing a single trace to be analyzed with deep\u2011learning techniques. Recovery of the mnemonic directly compromises the holder\u2019s funds, as it provides full ownership of the wallet\u2019s private keys.", "risk_and_exploitability": "Because the attack requires only a single side\u2011channel trace collected during the initial setup and relies on well\u2011known deep\u2011learning crypto\u2011analysis, the exploitation risk is moderate given the low CVSS score of 4.6, but recovery of the mnemonic directly compromises the wallet\u2019s private keys. The EPSS score is below 1\u202f%, indicating a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Security teams should still treat it as a concern and update firmware to the patched version."}}}}, "created": "2026-04-14T16:37:18.259132+00:00", "title": "Side-Channel Vulnerability in BIP-39 Mnemonic Processing on Trezor Wallets Enables Mnemonic Exposure", "updated": "2026-04-18T09:30:25.694757+00:00", "vendors": ["satoshilabs", "satoshilabs$PRODUCT$trezor_one", "satoshilabs$PRODUCT$trezor_safe", "satoshilabs$PRODUCT$trezor_t"]}