CVE-2025-13763
5.7
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenSC | OpenSC | 0 < 0.27.0 | affected |
Weaknesses
Workarounds
To mitigate this issue, avoid connecting untrusted USB devices or smart cards to systems running affected versions of Red Hat Enterprise Linux. This operational control reduces the risk of an attacker presenting a specially crafted device to exploit the uninitialized variable flaws in libopensc.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
References
- https://access.redhat.com/security/cve/CVE-2025-13763
- https://bugzilla.redhat.com/show_bug.cgi?id=2417581
- https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv
- https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.