Description
A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.
Published: 2026-04-14
Score: n/a
EPSS: n/a
KEV: No
Impact: Loss of Crypto Assets Through Mnemonic Exposure
Action: Patch Immediately
AI Analysis

Impact

A side‑channel vulnerability in the BIP‑39 mnemonic processing routine enables an attacker with physical access to the device during the very first use to extract the recovery phrase. The flaw originates from timing variations and branching paths in the word‑search algorithms defined by the BIP‑39 standard, allowing a single trace to be analyzed with deep‑learning techniques. Recovery of the mnemonic directly compromises the holder’s funds, as it provides full ownership of the wallet’s private keys.

Affected Systems

The weakness affects Trezor One (firmware versions 1.13.0‑1.14.0), Trezor T (firmware 1.13.0‑1.14.0), and Trezor Safe (firmware 1.13.0‑1.14.0). The issue is limited to these firmware releases; newer revisions are not impacted.

Risk and Exploitability

Because the attack requires only a single side‑channel trace collected during the initial setup and relies on well‑known deep‑learning crypto‑analysis, the exploitation risk is high for users who deploy the device in insecure physical environments. No public exploit code is known at the moment, but the vulnerability is already listed in vendor advisories and has no EPSS score or KEV listing. Security teams should treat it as a high‑severity flaw due to the direct financial loss it can cause.

Generated by OpenCVE AI on April 14, 2026 at 16:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the wallet firmware to the latest patched release from Trezor; the patch removes the timing variations in BIP‑39 word searching.
  • If a firmware upgrade is not yet available, perform the initial unlock in a controlled, trusted environment where an attacker cannot observe electrical or acoustic emissions that could be captured for side‑channel analysis.
  • Verify the authenticity of the firmware by checking its cryptographic signature before installation to ensure the correct non‑vulnerable code is running.

Generated by OpenCVE AI on April 14, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Side‑Channel Attack Enables Recovery of BIP‑39 Mnemonic on Trezor Wallets
Weaknesses CWE-128

Tue, 14 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant time execution and specific branch patterns for word searching. An attacker with physical access during the initial setup phase can collect a single side-channel trace. By utilizing profiling-based Deep Learning Side-Channel Analysis (DL-SCA), the attacker can recover the mnemonic code and subsequently steal the assets. The issue was patched.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T14:31:18.915Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69893

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-14T15:16:25.357

Modified: 2026-04-14T15:16:25.357

Link: CVE-2025-69893

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:37:18Z

Weaknesses