fkie_cve-2025-27839
Vulnerability from fkie_nvd
Published
2025-03-08 00:15
Modified
2025-03-08 00:15
Severity ?
3.2 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.
References
cve@mitre.orghttps://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07
cve@mitre.orghttps://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409
cve@mitre.orghttps://tangem.com/en/blog/post/app-update/
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."
    },
    {
      "lang": "es",
      "value": "operations/attestation/AttestationTask.kt en el SDK de Tangem anterior a la versi\u00f3n 5.18.3 para Android tiene un flujo l\u00f3gico en la certificaci\u00f3n de billetera sin conexi\u00f3n (verificaci\u00f3n de autenticidad) que hace que los resultados de la verificaci\u00f3n se ignoren durante el primer escaneo de una tarjeta. Es posible que no haya sido posible explotarlo."
    }
  ],
  "id": "CVE-2025-27839",
  "lastModified": "2025-03-08T00:15:38.340",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.2,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-08T00:15:38.340",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://tangem.com/en/blog/post/app-update/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1025"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.