{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-05T08:34:13.752","vulnerabilities":[{"cve":{"id":"CVE-2025-49010","sourceIdentifier":"security-advisories@github.com","published":"2026-03-30T18:16:16.950","lastModified":"2026-06-17T09:30:39.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0."},{"lang":"es","value":"OpenSC es un conjunto de herramientas y middleware de código abierto para tarjetas inteligentes. Antes de la versión 0.27.0, un atacante con acceso físico al ordenador en el momento en que un usuario o administrador utiliza un token puede causar una escritura de desbordamiento de búfer de pila en GET RESPONSE. El ataque requiere un dispositivo USB manipulado o una tarjeta inteligente manipulada que presentaría al sistema respuestas especialmente diseñadas para las APDU. Este problema ha sido parcheado en la versión 0.27.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"OpenSC","product":"OpenSC","versions":[{"version":"< 0.27.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.4,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-30T18:38:16.196764Z","id":"CVE-2025-49010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*","versionEndExcluding":"0.27.0","matchCriteriaId":"D890677F-5379-4587-B8E7-D38B02AD525A"}]}]}],"references":[{"url":"https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}