Description

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.

INFO

Published Date :

2026-04-14T00:00:00.000Z

Last Modified :

2026-04-16T12:06:31.722Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69893 vulnerability.

Vendors Products
Satoshilabs
  • Trezor One
  • Trezor Safe
  • Trezor T
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69893.

URL Resource
http://trezor.com cve-icon cve-icon
https://trezor.io/vulnerability/fix-side-channel-in-bip-39-mnemonic-processing-when-unlocked cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System