{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:50:53.709","vulnerabilities":[{"cve":{"id":"CVE-2025-69893","sourceIdentifier":"cve@mitre.org","published":"2026-04-14T15:16:25.357","lastModified":"2026-04-17T15:24:57.753","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-385"}]}],"references":[{"url":"http://trezor.com","source":"cve@mitre.org"},{"url":"https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked","source":"cve@mitre.org"}]}}]}