CVE Catalog

CVE-2025-13763

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

Multiple uses of uninitialized variables were found in libopensc, potentially leading to information disclosure or application crash. The attack requires a crafted USB device or smart card that presents specially crafted APDU responses.

Risk Assessment

The organization risks sensitive data leakage or service disruption in systems relying on libopensc, such as smart card authentication infrastructure.

Recommendation

Immediately update libopensc to a patched version that fixes the uninitialized variable issues. Restrict physical access to USB ports and card readers.

Original NVD description (English source)

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs

Vulnerability data from NVD (NIST) · CISA KEV · EPSS