CVE-2025-66409
BaseFortify
Publication date: 2025-12-02
Last updated on: 2026-02-13
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| espressif | esp-idf | From 5.2 (inc) to 5.2.6 (inc) |
| espressif | esp-idf | From 5.3 (inc) to 5.3.4 (inc) |
| espressif | esp-idf | From 5.4 (inc) to 5.4.3 (inc) |
| espressif | esp-idf | From 5.5 (inc) to 5.5.1 (inc) |
| espressif | esp-idf | to 5.1.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Espressif Internet of Things Development Framework (ESF-IDF) versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier when AVRCP is enabled on ESP32 devices. If the device receives a malformed VENDOR DEPENDENT Bluetooth command from a peer device, the Bluetooth stack may access memory without properly validating the command buffer length. This can lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.
How can this vulnerability impact me? :
The vulnerability can cause the Bluetooth stack on affected ESP32 devices to read memory out-of-bounds when processing malformed commands. This may expose unintended memory content, which could potentially leak sensitive information, or cause unexpected behavior in the device, possibly affecting its stability or security.