{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-69893", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T14:31:18.915Z", "dateReserved": "2026-01-09T00:00:00.000Z", "datePublished": "2026-04-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-14T14:31:18.915Z"}, "descriptions": [{"lang": "en", "value": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://trezor.com"}, {"url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched."}], "id": "CVE-2025-69893", "lastModified": "2026-04-14T15:16:25.357", "metrics": {}, "published": "2026-04-14T15:16:25.357", "references": [{"source": "cve@mitre.org", "url": "http://trezor.com"}, {"source": "cve@mitre.org", "url": "https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-04-14T16:36:10.938002+00:00", "value": {"mitigation_remediation": ["Update the wallet firmware to the latest patched release from Trezor; the patch removes the timing variations in BIP\u201139 word searching.", "If a firmware upgrade is not yet available, perform the initial unlock in a controlled, trusted environment where an attacker cannot observe electrical or acoustic emissions that could be captured for side\u2011channel analysis.", "Verify the authenticity of the firmware by checking its cryptographic signature before installation to ensure the correct non\u2011vulnerable code is running."], "summary": {"action": "Patch Immediately", "impact": "Loss of Crypto Assets Through Mnemonic Exposure"}, "threat_synthesis": {"affected_systems": "The weakness affects Trezor One (firmware versions\u202f1.13.0\u20111.14.0), Trezor\u202fT (firmware 1.13.0\u20111.14.0), and Trezor\u00a0Safe (firmware 1.13.0\u20111.14.0). The issue is limited to these firmware releases; newer revisions are not impacted.", "description_and_impact": "A side\u2011channel vulnerability in the BIP\u201139 mnemonic processing routine enables an attacker with physical access to the device during the very first use to extract the recovery phrase. The flaw originates from timing variations and branching paths in the word\u2011search algorithms defined by the BIP\u201139 standard, allowing a single trace to be analyzed with deep\u2011learning techniques. Recovery of the mnemonic directly compromises the holder\u2019s funds, as it provides full ownership of the wallet\u2019s private keys.", "risk_and_exploitability": "Because the attack requires only a single side\u2011channel trace collected during the initial setup and relies on well\u2011known deep\u2011learning crypto\u2011analysis, the exploitation risk is high for users who deploy the device in insecure physical environments. No public exploit code is known at the moment, but the vulnerability is already listed in vendor advisories and has no EPSS score or KEV listing. Security teams should treat it as a high\u2011severity flaw due to the direct financial loss it can cause."}}}}, "created": "2026-04-14T16:37:18.259132+00:00", "title": "Side\u2011Channel Attack Enables Recovery of BIP\u201139 Mnemonic on Trezor Wallets", "updated": "2026-04-14T16:37:18.259155+00:00", "vendors": [], "weaknesses": ["CWE-128"]}