Refine your search
5 vulnerabilities found for by Espressif
CVE-2025-68474 (GCVE-0-2025-68474)
Vulnerability from cvelistv5
Published
2025-12-26 23:57
Modified
2025-12-29 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual fixed header data written before the vendor payload exceeds this value. This totals 29 bytes written before p_msg->p_vendor_data is copied. Using the old AVRC_MIN_CMD_LEN could allow an out-of-bounds write if vendor_len approaches the buffer limit. For commands where vendor_len is large, the original buffer allocation may be insufficient, causing writes beyond the allocated memory. This can lead to memory corruption, crashes, or other undefined behavior. The overflow could be larger when assertions are disabled.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T16:43:54.191900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T16:51:36.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-idf",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.5-beta1, \u003c= 5.5.1"
},
{
"status": "affected",
"version": "\u003e= 5.4-beta1, \u003c= 5.4.3"
},
{
"status": "affected",
"version": "\u003e= 5.3-beta1, \u003c= 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 5.2-beta1, \u003c= 5.2.6"
},
{
"status": "affected",
"version": "\u003c= 5.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual fixed header data written before the vendor payload exceeds this value. This totals 29 bytes written before p_msg-\u003ep_vendor_data is copied. Using the old AVRC_MIN_CMD_LEN could allow an out-of-bounds write if vendor_len approaches the buffer limit. For commands where vendor_len is large, the original buffer allocation may be insufficient, causing writes beyond the allocated memory. This can lead to memory corruption, crashes, or other undefined behavior. The overflow could be larger when assertions are disabled."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T23:57:54.853Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-43gh-7r4f-qp57",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-43gh-7r4f-qp57"
},
{
"name": "https://github.com/espressif/esp-idf/commit/0b0b59f2e19cb99dfa1b28c284d1c5c1d276a132",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/0b0b59f2e19cb99dfa1b28c284d1c5c1d276a132"
},
{
"name": "https://github.com/espressif/esp-idf/commit/565fa98d0cfd58102204c1cb636747e17ee59845",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/565fa98d0cfd58102204c1cb636747e17ee59845"
},
{
"name": "https://github.com/espressif/esp-idf/commit/8262ee807d5cd425f66304f703eeb3382fb888c0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/8262ee807d5cd425f66304f703eeb3382fb888c0"
},
{
"name": "https://github.com/espressif/esp-idf/commit/a6c1bc5e3e91ad1cb964ce2c178ee40a5d10a4a0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/a6c1bc5e3e91ad1cb964ce2c178ee40a5d10a4a0"
},
{
"name": "https://github.com/espressif/esp-idf/commit/aa0e3d75db995b7137b55349fc92ee684b47092d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/aa0e3d75db995b7137b55349fc92ee684b47092d"
},
{
"name": "https://github.com/espressif/esp-idf/commit/b9ba1e29b65536ab4b670ac099585d09adce0376",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/b9ba1e29b65536ab4b670ac099585d09adce0376"
}
],
"source": {
"advisory": "GHSA-43gh-7r4f-qp57",
"discovery": "UNKNOWN"
},
"title": "ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68474",
"datePublished": "2025-12-26T23:57:54.853Z",
"dateReserved": "2025-12-18T13:52:15.491Z",
"dateUpdated": "2025-12-29T16:51:36.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68473 (GCVE-0-2025-68473)
Vulnerability from cvelistv5
Published
2025-12-26 23:54
Modified
2025-12-29 16:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-29T16:44:09.956137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-29T16:51:42.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-idf",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.5-beta1, \u003c= 5.5.1"
},
{
"status": "affected",
"version": "\u003e= 5.4-beta1, \u003c= 5.4.3"
},
{
"status": "affected",
"version": "\u003e= 5.3-beta1, \u003c= 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 5.2-beta1, \u003c= 5.2.6"
},
{
"status": "affected",
"version": "\u003c= 5.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUIDs during the SDP (Service Discovery Protocol) process. On modern Bluetooth devices, it is possible for the number of available services to exceed this fixed limit (32). In such cases, if more than 32 services are discovered, subsequent writes to uuid_list could exceed the bounds of the array, resulting in a potential out-of-bounds write condition."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 0,
"baseSeverity": "NONE",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-26T23:54:47.709Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq"
},
{
"name": "https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d"
},
{
"name": "https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab"
},
{
"name": "https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c"
},
{
"name": "https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1"
},
{
"name": "https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e"
},
{
"name": "https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed"
},
{
"name": "https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6"
}
],
"source": {
"advisory": "GHSA-hmjj-rjvv-w8pq",
"discovery": "UNKNOWN"
},
"title": "ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68473",
"datePublished": "2025-12-26T23:54:47.709Z",
"dateReserved": "2025-12-18T13:52:15.491Z",
"dateUpdated": "2025-12-29T16:51:42.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66409 (GCVE-0-2025-66409)
Vulnerability from cvelistv5
Published
2025-12-02 18:09
Modified
2025-12-02 18:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66409",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T18:43:14.641038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:46:18.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-idf",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.5-beta1, \u003c= 5.5.1"
},
{
"status": "affected",
"version": "\u003e= 5.4-beta1, \u003c= 5.4.3"
},
{
"status": "affected",
"version": "\u003e= 5.3-beta1, \u003c= 5.3.4"
},
{
"status": "affected",
"version": "\u003e= 5.2-beta1, \u003c= 5.2.6"
},
{
"status": "affected",
"version": "\u003c= 5.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:09:03.069Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-qhf9-vr2h-jh96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-qhf9-vr2h-jh96"
},
{
"name": "https://github.com/espressif/esp-idf/commit/075ed218cadb8088155521cd8a795d8a626519fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/075ed218cadb8088155521cd8a795d8a626519fb"
},
{
"name": "https://github.com/espressif/esp-idf/commit/2f788e59ee361eee230879ae2ec9cf5c893fe372",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/2f788e59ee361eee230879ae2ec9cf5c893fe372"
},
{
"name": "https://github.com/espressif/esp-idf/commit/798029129a71c802cff0e75eb59f902bca8f1946",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/798029129a71c802cff0e75eb59f902bca8f1946"
},
{
"name": "https://github.com/espressif/esp-idf/commit/999710fccf95ae128fe51b5679d6b7c75c50d902",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/999710fccf95ae128fe51b5679d6b7c75c50d902"
},
{
"name": "https://github.com/espressif/esp-idf/commit/d5db5f60fc1dcfdd8cd3ee898fdefaa272988ace",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/d5db5f60fc1dcfdd8cd3ee898fdefaa272988ace"
},
{
"name": "https://github.com/espressif/esp-idf/commit/daeeba230327176b9627b1caa94acdc54065c4b7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/daeeba230327176b9627b1caa94acdc54065c4b7"
}
],
"source": {
"advisory": "GHSA-qhf9-vr2h-jh96",
"discovery": "UNKNOWN"
},
"title": "ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66409",
"datePublished": "2025-12-02T18:09:03.069Z",
"dateReserved": "2025-11-28T23:33:56.365Z",
"dateUpdated": "2025-12-02T18:46:18.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65092 (GCVE-0-2025-65092)
Vulnerability from cvelistv5
Published
2025-11-21 21:33
Modified
2025-11-21 21:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T21:56:06.906288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T21:56:26.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-idf",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "= 5.5.1"
},
{
"status": "affected",
"version": "= 5.4.3"
},
{
"status": "affected",
"version": "= 5.3.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T21:33:03.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8"
},
{
"name": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c"
},
{
"name": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42"
},
{
"name": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17"
},
{
"name": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27"
}
],
"source": {
"advisory": "GHSA-vcw6-jc3p-4gj8",
"discovery": "UNKNOWN"
},
"title": "ESP32-P4 JPEG Decoder Header Parsing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65092",
"datePublished": "2025-11-21T21:33:03.656Z",
"dateReserved": "2025-11-17T20:55:34.691Z",
"dateUpdated": "2025-11-21T21:56:26.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64342 (GCVE-0-2025-64342)
Vulnerability from cvelistv5
Published
2025-11-17 17:21
Modified
2025-11-17 21:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly report a connection event to the host, which can cause the application layer to assume that the device has successfully established a connection. This issue has been fixed in versions 5.5.2, 5.4.3, 5.3.5, 5.2.6, and 5.1.7. At time of publication versions 5.5.2, 5.3.5, and 5.1.7 have not been released but are fixed respectively in commits 3b95b50, e3d7042, and 75967b5.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-17T21:03:18.603291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T21:04:07.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "esp-idf",
"vendor": "espressif",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.5-beta1, \u003c 5.5.2"
},
{
"status": "affected",
"version": "\u003e= 5.4-beta1, \u003c 5.4.3"
},
{
"status": "affected",
"version": "\u003e= 5.3-beta1, \u003c 5.3.5"
},
{
"status": "affected",
"version": "\u003e= 5.2-beta1, \u003c 5.2.6"
},
{
"status": "affected",
"version": "\u003c 5.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop unexpectedly. In this case, the controller may incorrectly report a connection event to the host, which can cause the application layer to assume that the device has successfully established a connection. This issue has been fixed in versions 5.5.2, 5.4.3, 5.3.5, 5.2.6, and 5.1.7. At time of publication versions 5.5.2, 5.3.5, and 5.1.7 have not been released but are fixed respectively in commits 3b95b50, e3d7042, and 75967b5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-17T17:21:01.773Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espressif/esp-idf/security/advisories/GHSA-8mg7-9qpg-p92v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-8mg7-9qpg-p92v"
},
{
"name": "https://github.com/espressif/esp-idf/commit/309f031dd6b04de30c926a256508c65b0df95dfa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/309f031dd6b04de30c926a256508c65b0df95dfa"
},
{
"name": "https://github.com/espressif/esp-idf/commit/3b95b50703cd3301a370cffaa1cc299b1941fe2a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/3b95b50703cd3301a370cffaa1cc299b1941fe2a"
},
{
"name": "https://github.com/espressif/esp-idf/commit/75967b578563ea7876dc215251cbb6d64bc9d768",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/75967b578563ea7876dc215251cbb6d64bc9d768"
},
{
"name": "https://github.com/espressif/esp-idf/commit/8ec541023684d33b498fa21c5b4724bce748aa7b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/8ec541023684d33b498fa21c5b4724bce748aa7b"
},
{
"name": "https://github.com/espressif/esp-idf/commit/bf66761962579f73aea682d1154b9c99b9d3d7dc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/bf66761962579f73aea682d1154b9c99b9d3d7dc"
},
{
"name": "https://github.com/espressif/esp-idf/commit/e3d70429566ece1ef593d36aa4ebd320e0c95925",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espressif/esp-idf/commit/e3d70429566ece1ef593d36aa4ebd320e0c95925"
}
],
"source": {
"advisory": "GHSA-8mg7-9qpg-p92v",
"discovery": "UNKNOWN"
},
"title": "ESF-IDF\u0027s ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64342",
"datePublished": "2025-11-17T17:21:01.773Z",
"dateReserved": "2025-10-30T17:40:52.031Z",
"dateUpdated": "2025-11-17T21:04:07.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}