CVE-2025-13763

Published: April 3, 2026Last modified: April 6, 2026

Description

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs

Severity score breakdown

Parameter	Value
Base score	5.7
Attack Vector	PHYSICAL
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	opensc	Fixed (0.27.1-r0)
	25 LTS	opensc	Fixed (0.27.1-r0)
	Stream	opensc	Fixed (0.27.1-r0)

References

https://access.redhat.com/security/cve/CVE-2025-13763
https://bugzilla.redhat.com/show_bug.cgi?id=2417581
https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv
https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763