Description
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.
Published: 2026-04-14
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Loss of Crypto Assets Through Mnemonic Exposure
Action: Patch Immediately
AI Analysis

Impact

A side‑channel vulnerability in the BIP‑39 mnemonic processing routine enables an attacker with physical access to the device during the very first use to extract the recovery phrase. The flaw originates from timing variations and branching paths in the word‑search algorithms defined by the BIP‑39 standard, allowing a single trace to be analyzed with deep‑learning techniques. Recovery of the mnemonic directly compromises the holder’s funds, as it provides full ownership of the wallet’s private keys.
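The leak class described above, as an added illustration (not Trezor firmware code and not the vendor's patch): a binary search over a sorted wordlist, assumed here as the lookup style, takes a secret-dependent number of steps and branch directions, while the full scan touches every entry and selects the result without branching. The 16-word list, the function names and the step counters are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

#define WLEN   9   /* BIP-39 English words have at most 8 letters, plus NUL padding */
#define NWORDS 16

/* Constructed sample: a sorted 16-entry subset, not the full 2048-word list. */
static const char WORDS[NWORDS][WLEN] = {
    "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract",
    "absurd", "abuse", "access", "accident", "account", "accuse", "achieve", "acid"
};

/* Leaky lookup: iteration count and branch directions depend on the secret word. */
int find_bsearch(const char *w, int *steps) {
    int lo = 0, hi = NWORDS - 1;
    *steps = 0;
    while (lo <= hi) {
        int mid = (lo + hi) / 2;
        int c = strcmp(w, WORDS[mid]);      /* strcmp also exits at the first mismatch */
        (*steps)++;
        if (c == 0) return mid;
        if (c < 0) hi = mid - 1; else lo = mid + 1;
    }
    return -1;
}

/* Hardened lookup: w must be a zero-padded WLEN-byte buffer. Every entry and
 * every byte is visited, and the index is chosen with a mask instead of a branch.
 * Caveat: this removes timing and control-flow differences only; check the
 * compiled output, and note that power traces can still reflect data values. */
int find_ct(const char w[WLEN], int *steps) {
    uint32_t result = 0xFFFFFFFFu;          /* becomes -1 if nothing matches */
    *steps = 0;
    for (uint32_t i = 0; i < NWORDS; i++) {
        uint32_t diff = 0;
        for (int j = 0; j < WLEN; j++)
            diff |= (uint8_t)(w[j] ^ WORDS[i][j]);
        /* mask is all ones when diff == 0, otherwise zero */
        uint32_t mask = ((diff | (0u - diff)) >> 31) - 1u;
        result = (result & ~mask) | (i & mask);
        (*steps)++;
    }
    return (int)result;
}
```

With this list, `find_bsearch` needs 4 comparisons for "abandon" and 1 for "abstract", whereas `find_ct` always performs 16.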

Affected Systems

The weakness affects Trezor One (firmware versions 1.13.0‑1.14.0), Trezor T (firmware 1.13.0‑1.14.0), and Trezor Safe (firmware 1.13.0‑1.14.0). The issue is limited to these firmware releases; newer revisions are not impacted.

Risk and Exploitability

The attack requires only a single side-channel trace collected during the initial setup and relies on well-known deep-learning cryptanalysis. The exploitation risk is moderate given the low CVSS score of 4.6, but recovery of the mnemonic directly compromises the wallet's private keys. The EPSS score is below 1%, indicating a low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Security teams should still treat it as a concern and update firmware to the patched version.

Generated by OpenCVE AI on April 18, 2026 at 09:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the wallet firmware to the latest patched release from Trezor; the patch removes the timing variations in BIP‑39 word searching.
  • If a firmware upgrade is not yet available, perform the initial unlock in a controlled, trusted environment where an attacker cannot observe electrical or acoustic emissions that could be captured for side‑channel analysis.
  • Verify the authenticity of the firmware by checking its cryptographic signature before installation to ensure the correct non‑vulnerable code is running.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
Title Side-Channel Vulnerability in BIP-39 Mnemonic Processing on Trezor Wallets Enables Mnemonic Exposure

Fri, 17 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title Side‑Channel Attack Enables Recovery of BIP‑39 Mnemonic on Trezor Wallets
Weaknesses CWE-128

Thu, 16 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-385
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Satoshilabs
Satoshilabs trezor One
Satoshilabs trezor Safe
Satoshilabs trezor T
Vendors & Products Satoshilabs
Satoshilabs trezor One
Satoshilabs trezor Safe
Satoshilabs trezor T

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Side‑Channel Attack Enables Recovery of BIP‑39 Mnemonic on Trezor Wallets
Weaknesses CWE-128

Tue, 14 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T12:06:31.722Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69893

Vulnrichment

Updated: 2026-04-16T11:38:24.667Z

NVD

Status: Deferred

Published: 2026-04-14T15:16:25.357

Modified: 2026-04-27T19:18:46.690

Link: CVE-2025-69893

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:30:25Z

Weaknesses