CVE-2025-27839

{"id": "CVE-2025-27839", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.2, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.4}]}, "published": "2025-03-08T00:15:38.340", "references": [{"url": "https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07", "source": "cve@mitre.org"}, {"url": "https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409", "source": "cve@mitre.org"}, {"url": "https://tangem.com/en/blog/post/app-update/", "source": "cve@mitre.org"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-1025"}]}], "descriptions": [{"lang": "en", "value": "operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible."}, {"lang": "es", "value": "operations/attestation/AttestationTask.kt en el SDK de Tangem anterior a la versi\u00f3n 5.18.3 para Android tiene un flujo l\u00f3gico en la certificaci\u00f3n de billetera sin conexi\u00f3n (verificaci\u00f3n de autenticidad) que hace que los resultados de la verificaci\u00f3n se ignoren durante el primer escaneo de una tarjeta. Es posible que no haya sido posible explotarlo."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cve@mitre.org"}