CVE-2025-68622
Unknown Unknown - Not Provided
Stack Buffer Overflow in Espressif ESP-IDF USB Host UVC Driver

Publication date: 2026-01-12

Last updated on: 2026-01-12

Assigner: GitHub, Inc.

Description
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC configuration-descriptor printing is enabled, the host prints detailed descriptor information provided by the connected USB device. A specially crafted UVC descriptor may advertise an excessively large length. Because this value is not validated before being copied into a fixed-size stack buffer, an attacker can overflow the buffer and corrupt memory. This vulnerability is fixed in 2.4.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-12
Last Modified
2026-01-12
Generated
2026-06-16
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68622
EUVD
EUVD-2025-206283
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
espressif usb_host_uvc to 2.4.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68622 is a stack buffer overflow vulnerability in the Espressif esp-usb USB Host UVC Class Driver that occurs during the printing of USB Video Class (UVC) configuration descriptors. When verbose descriptor printing is enabled, a malicious UVC device can present a specially crafted descriptor with an excessively large length field. This length is not validated before being copied into a fixed-size stack buffer, causing a buffer overflow and memory corruption. The vulnerability arises from unnecessary memcpy operations that copy descriptor data into local buffers, which was fixed by removing these copies and directly accessing the data structures. This flaw allows an attacker to potentially crash the system or execute arbitrary code by connecting a rogue UVC device. [1, 3]

Impact Analysis

This vulnerability can impact you by allowing a malicious USB Video Class (UVC) device to cause a stack buffer overflow on the host system. This can lead to memory corruption, resulting in a system crash (denial of service) or potentially arbitrary code execution. An attacker who can connect a rogue UVC device to the affected system could exploit this vulnerability to disrupt normal operation or take control of the system. [3]

Detection Guidance

This vulnerability can be detected by enabling verbose UVC configuration-descriptor printing on the Espressif USB Host UVC driver and monitoring for crashes or abnormal behavior when a USB Video Class device is connected. Since the vulnerability occurs during descriptor parsing, observing stack buffer overflow symptoms or memory corruption when connecting UVC devices may indicate exploitation. Specific commands are not provided in the resources, but updating to version 2.4.0 or later, which includes fixes and validation, is recommended to prevent detection issues. [3, 2]

Mitigation Strategies

The immediate mitigation step is to upgrade the Espressif USB Host UVC driver to version 2.4.0 or later, where the vulnerability is fixed by removing unsafe memcpy operations and adding descriptor-length validation. This update eliminates the stack buffer overflow risk during UVC descriptor printing. Additionally, avoid enabling verbose UVC configuration-descriptor printing on vulnerable versions to reduce exposure. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68622. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart