CVE-2025-55297
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| espressif | esp-idf | 5.4.1 |
| espressif | esp-idf | 5.1.6 |
| espressif | esp-idf | 5.3.3 |
| espressif | esp-idf | * |
| espressif | esp-idf | 5.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-131 | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the BluFi example of the Espressif Internet of Things Development Framework (ESP-IDF). It involves memory overflows in two areas: handling of Wi-Fi credentials and the Diffie–Hellman key exchange process. These memory overflows could potentially be exploited to cause unexpected behavior or compromise the device.
How can this vulnerability impact me? :
This vulnerability could allow attackers to exploit memory overflows related to Wi-Fi credential handling and key exchange, potentially leading to unauthorized access, data leakage, or disruption of device operation. It may compromise the security of the device's network communications.
What immediate steps should I take to mitigate this vulnerability?
Update the Espressif Internet of Things Development Framework (ESP-IDF) to version 5.4.1, 5.3.3, 5.1.6, or 5.0.9 or later, as these versions contain fixes for the memory overflow vulnerabilities in the BluFi example related to Wi-Fi credential handling and Diffie–Hellman key exchange.