{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T18:26:38.931","vulnerabilities":[{"cve":{"id":"CVE-2025-27839","sourceIdentifier":"cve@mitre.org","published":"2025-03-08T00:15:38.340","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."},{"lang":"es","value":"operations/attestation/AttestationTask.kt en el SDK de Tangem anterior a la versión 5.18.3 para Android tiene un flujo lógico en la certificación de billetera sin conexión (verificación de autenticidad) que hace que los resultados de la verificación se ignoren durante el primer escaneo de una tarjeta. Es posible que no haya sido posible explotarlo."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1025"}]}],"references":[{"url":"https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07","source":"cve@mitre.org"},{"url":"https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409","source":"cve@mitre.org"},{"url":"https://tangem.com/en/blog/post/app-update/","source":"cve@mitre.org"}]}}]}