Home > Vulnerability Database > CVE-2025-27839

Mend.io Vulnerability Database

CVE-2025-27839

Date: March 6, 2025

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.

Severity Score

3.2

Related Resources (5)

Url: https://github.com/tangem/tangem-sdk-android/releases/tag/release-app_5.18-409

Url: https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27839

Url: https://tangem.com/en/blog/post/app-update/

Url: https://www.mend.io/vulnerability-database/CVE-2025-27839

Severity Score

3.2

Weakness Type (CWE)

Comparison Using Wrong Factors

CWE-1025

CVSS v3.1

Base Score:	3.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27839

Date: March 6, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?