{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66037", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-11-21T01:08:02.615Z", "datePublished": "2026-03-30T17:01:27.790Z", "dateUpdated": "2026-03-30T20:14:39.203Z"}, "containers": {"cna": {"title": "OpenSC: Out of Bounds vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx"}, {"name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"}], "affected": [{"vendor": "OpenSC", "product": "OpenSC", "versions": [{"version": "< 0.27.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T17:01:27.790Z"}, "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}], "source": {"advisory": "GHSA-m58q-rmjm-mmfx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T20:14:26.757382Z", "id": "CVE-2025-66037", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:14:39.203Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66037", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T20:14:26.757382Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T20:14:32.391Z"}}], "cna": {"title": "OpenSC: Out of Bounds vulnerability", "source": {"advisory": "GHSA-m58q-rmjm-mmfx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.9, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "OpenSC", "product": "OpenSC", "versions": [{"status": "affected", "version": "< 0.27.0"}]}], "references": [{"url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "name": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "name": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T17:01:27.790Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66037", "state": "PUBLISHED", "dateUpdated": "2026-03-30T20:14:39.203Z", "dateReserved": "2025-11-21T01:08:02.615Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T17:01:27.790Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D890677F-5379-4587-B8E7-D38B02AD525A", "versionEndExcluding": "0.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0."}, {"lang": "es", "value": "OpenSC es un conjunto de herramientas y middleware de c\u00f3digo abierto para tarjetas inteligentes. Antes de la versi\u00f3n 0.27.0, al introducir una entrada manipulada en el arn\u00e9s fuzz_pkcs15_reader, OpenSC realiza una lectura de pila fuera de l\u00edmites en la ruta de manejo de X.509/SPKI. Espec\u00edficamente, sc_pkcs15_pubkey_from_spki_fields() asigna un b\u00fafer de longitud cero y luego lee un byte m\u00e1s all\u00e1 del final de esa asignaci\u00f3n. Este problema ha sido parcheado en la versi\u00f3n 0.27.0."}], "id": "CVE-2025-66037", "lastModified": "2026-04-01T17:59:35.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-30T18:16:18.007", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "OpenSC: OpenSC: Out-of-bounds read via crafted input", "id": "2453122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453122"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.9", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in OpenSC, an open-source smart card tools and middleware. An attacker could exploit this vulnerability by providing a specially crafted input. This crafted input causes an out-of-bounds heap read, where the software attempts to read data beyond its allocated memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-66037", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-30T17:01:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-66037\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-66037\nhttps://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx\nhttps://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-30T18:50:43.149289+00:00", "value": {"mitigation_remediation": ["Upgrade OpenSC to version 0.27.0 or later.", "If upgrade is not possible, limit the use of the fuzz_pkcs15_reader harness to trusted environments."], "summary": {"action": "Assess Impact", "impact": "Out-of-bounds heap memory read"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of OpenSC, the open source smart\u2011card tools and middleware, with any version released before 0.27.0. The issue was addressed and fixed in OpenSC 0.27.0; later releases are not affected.", "description_and_impact": "The vulnerability arises when a specially crafted input is provided to the fuzz_pkcs15_reader harness in OpenSC. The sc_pkcs15_pubkey_from_spki_fields() function allocates a zero-length buffer and then attempts to read one byte past the end of that allocation, resulting in an out-of-bounds heap read. This allows the caller to read data from an unintended memory location, potentially revealing sensitive information.", "risk_and_exploitability": "The base CVSS score is 3.9, which indicates limited impact and complexity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a crafted input to the fuzz_pkcs15_reader harness; no mention is made of additional privileges or simultaneous conditions. The low score and lack of public exploitation evidence suggest a moderate risk in environments that expose the harness to untrusted input."}}}}, "created": "2026-03-30T20:55:26.336448+00:00", "updated": "2026-03-30T20:55:26.336491+00:00", "vendors": []}