CVE-2025-65822
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-12
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| espressif | esp32 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1191 | The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the ESP32 system on a chip (SoC) used in the Meatmeet Pro device, where the JTAG debugging interface is left enabled. An attacker with physical access can connect to the device via JTAG and reflash its firmware with malicious code, which will then execute when the device runs.
How can this vulnerability impact me?
The impact includes loss of device functionality for the victim and potential unauthorized access to the victim's Wi-Fi network. Firmware reflashed by the attacker can connect to the SSID stored in the device's NVS partition, potentially compromising network security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, disable JTAG on the ESP32 device to prevent unauthorized firmware reflashing through the debug interface. Ensure the physical security of the device so that attackers cannot connect to the JTAG port.