CVE-2025-27839: operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flaw in offline wallet attestation (genuineness...

3.2 CVSS

Description

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flaw in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.

Classification

CVE ID: CVE-2025-27839

CVSS Base Severity: LOW

CVSS Base Score: 3.2

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem Types

CWE-1025 Comparison Using Wrong Factors

Affected Products

Vendor: Tangem

Product: SDK

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (estimated probability of being exploited)

EPSS Percentile: 3.84% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-05 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27839
https://tangem.com/en/blog/post/app-update/
https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07
https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409

Timeline