CVE-2025-52471
Status: Analyzed (Analysis Complete)
BaseFortify

Publication date: 2025-06-24

Last updated on: 2026-01-22

Assigner: GitHub, Inc.

Description
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function. Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations. For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the `data_len` parameter received in the RX callback (registered via `esp_now_register_recv_cb()`) is a positive value before further processing. For ESP-IDF v5.4 and later, no application-level workaround is available. Users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.
Meta Information
Published: 2025-06-24
Last Modified: 2026-01-22
Generated: 2026-05-07
AI Q&A: 2025-06-24
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (4 associated CPEs)
Vendor     Product  Version / Range
espressif  esp-idf  5.1.6
espressif  esp-idf  5.2.5
espressif  esp-idf  5.3.3
espressif  esp-idf  5.4.1
CWE
CWE-191: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-52471 is an integer underflow vulnerability in the ESP-NOW protocol implementation within the ESP Wi-Fi component of the ESP-IDF framework. It occurs because the system does not properly validate the length of user-supplied data in received packets. This improper validation can cause an integer underflow, leading to out-of-bounds memory access and potentially arbitrary memory write operations. On devices without memory protection, this flaw could allow an attacker to execute remote code on the device. [7]

How can this vulnerability impact me?

This vulnerability can lead to serious security issues such as out-of-bounds memory access and arbitrary memory writes. On systems lacking memory protection, it may be exploited to achieve remote code execution (RCE), allowing an attacker to run malicious code remotely on the affected device. This can compromise the device's integrity, confidentiality, and availability. [7]

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade your ESP-IDF framework to a patched version (v5.1.7, v5.2.6, v5.3.4, or v5.4.2 and later) that includes enhanced validation logic for ESP-NOW data reception. If you are using ESP-IDF version 5.3 or earlier, apply an application-level workaround by validating that the data_len parameter received in the esp_now_register_recv_cb() callback is positive before processing it. For versions 5.4 and later, no application-level workaround is available, so upgrading is strongly recommended. [7]


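The application-level workaround named in the Description and restated in the mitigation answer above (reject a non-positive `data_len` in the ESP-NOW receive callback before using it) is shown below as an added example. This is not code from Espressif, ESP-IDF, or this page. It assumes a 250-byte payload ceiling, which is the `ESP_NOW_MAX_DATA_LEN` value in the ESP-IDF releases I have worked with (confirm against your `esp_now.h`); the callback is reduced to a plain function taking a 6-byte MAC pointer so it compiles without the SDK headers, and the MAC and payload bytes are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ceiling for one ESP-NOW payload. ESP-IDF exposes this as
 * ESP_NOW_MAX_DATA_LEN (250 in the releases this was written against). */
#define ESPNOW_MAX_PAYLOAD 250

/* Application receive buffer, sized to the largest payload we accept. */
static uint8_t g_rx_buf[ESPNOW_MAX_PAYLOAD];
static size_t g_rx_len = 0;
static unsigned g_dropped = 0;

/* What goes wrong without the check (CWE-191): a negative int length pushed
 * straight into a size_t wraps to a huge value, so any copy or loop bound
 * derived from it runs far past the buffer. Shown for illustration only. */
size_t naive_length_to_size(int data_len)
{
    return (size_t)data_len;   /* -1 becomes SIZE_MAX */
}

/* The workaround from the advisory: data_len must be a positive value.
 * The upper bound is an extra guard so the memcpy below can never overrun
 * the application buffer even if the stack hands us an oversized length. */
bool espnow_len_is_valid(int data_len)
{
    if (data_len <= 0) {
        return false;                         /* negative or zero: reject */
    }
    if ((size_t)data_len > ESPNOW_MAX_PAYLOAD) {
        return false;                         /* larger than our buffer */
    }
    return true;
}

/* Body of an ESP-NOW receive callback. In firmware this logic would sit inside
 * the esp_now_recv_cb_t you pass to esp_now_register_recv_cb(); the exact
 * callback signature varies between ESP-IDF releases, so take it from your
 * esp_now.h. Returns the number of bytes accepted, 0 when the frame is dropped. */
size_t espnow_on_recv(const uint8_t *src_mac, const uint8_t *data, int data_len)
{
    (void)src_mac;                            /* sender MAC unused here */
    if (data == NULL || !espnow_len_is_valid(data_len)) {
        g_dropped++;
        return 0;
    }
    /* Only after the check is data_len safe to convert and use as a size. */
    g_rx_len = (size_t)data_len;
    memcpy(g_rx_buf, data, g_rx_len);
    return g_rx_len;
}

unsigned espnow_dropped_count(void)
{
    return g_dropped;
}

int main(void)
{
    const uint8_t mac[6] = {0x24, 0x6f, 0x28, 0x00, 0x00, 0x01};  /* constructed */
    const uint8_t payload[4] = {0xde, 0xad, 0xbe, 0xef};          /* constructed */

    printf("naive size_t of -1: %zu\n", naive_length_to_size(-1));
    printf("accepted %zu bytes\n", espnow_on_recv(mac, payload, 4));
    printf("accepted %zu bytes\n", espnow_on_recv(mac, payload, -4));
    printf("frames dropped: %u\n", espnow_dropped_count());
    return 0;
}
```

The positive-value test is the part the advisory prescribes for v5.3 and earlier; the upper-bound test costs nothing extra and keeps the copy inside the application buffer regardless of what the Wi-Fi stack reports. As the Description notes, this only helps where the callback sees the length before the vulnerable code path runs, which is why no application-level workaround exists for v5.4 and later and upgrading remains the fix.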