CVE-2025-13763
MediumCVSS 5.7Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
Multiple uses of uninitialized variables were found in libopensc, potentially leading to information disclosure or application crash. The attack requires a crafted USB device or smart card that presents specially crafted APDU responses.
Risk Assessment
The organization risks sensitive data leakage or service disruption in systems relying on libopensc, such as smart card authentication infrastructure.
Recommendation
Immediately update libopensc to a patched version that fixes the uninitialized variable issues. Restrict physical access to USB ports and card readers.
Original NVD description (English source)
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs

