espressif — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting espressif. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by espressif: esp-idf, arduino-esp32, esp-usb, esp-now, ESP32
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41429 | Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption | arduino-esp32 | CWE-121 | 8.8 | High | 2026-04-24 |
| CVE-2026-25508 | ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning | esp-idf | CWE-125 | 6.3 | Medium | 2026-02-04 |
| CVE-2026-25507 | ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning | esp-idf | CWE-416 | 6.3 | Medium | 2026-02-04 |
| CVE-2026-25532 | ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow | esp-idf | CWE-191 | 6.3 | Medium | 2026-02-04 |
| CVE-2025-68657 | espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path | esp-usb | CWE-415 | 6.4 | Medium | 2026-01-12 |
| CVE-2025-68656 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability | esp-usb | CWE-416 | 6.8 | Medium | 2026-01-12 |
| CVE-2025-68622 | Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing | esp-usb | CWE-121 | 6.8 | Medium | 2026-01-12 |
| CVE-2025-68474 | ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling | esp-idf | CWE-787 | 7.5 | - | 2025-12-26 |
| CVE-2025-68473 | ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling | esp-idf | CWE-787 | 6.5 | - | 2025-12-26 |
| CVE-2025-66409 | ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling | esp-idf | CWE-125 | 6.5 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-65092 | ESP32-P4 JPEG Decoder Header Parsing Vulnerability | esp-idf | CWE-125 | 9.1 | - | 2025-11-21 |
| CVE-2025-64342 | ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability | esp-idf | CWE-754 | - | - (AI) | 2025-11-17 |
| CVE-2025-55297 | ESF-IDF BluFi Example Memory Overflow Vulnerability | esp-idf | CWE-120 | 7.4 (AI) | High (AI) | 2025-08-21 |
| CVE-2025-53540 | CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution | arduino-esp32 | CWE-352 | 8.8 (AI) | High (AI) | 2025-07-07 |
| CVE-2025-53007 | arduino-esp32 vulnerable to CRLF injection in WebServer.cpp | arduino-esp32 | CWE-113 | 7.5 (AI) | High (AI) | 2025-06-26 |
| CVE-2025-52471 | ESP-NOW Integer Underflow Vulnerability Advisory | esp-idf | CWE-191 | 9.8 (AI) | Critical (AI) | 2025-06-24 |
| CVE-2025-27840 | Espressif ESP32 Security Vulnerability | ESP32 | CWE-912 | 6.8 | Medium | 2025-03-08 |
| CVE-2024-53845 | AES/CBC Constant IV Vulnerability in ESPTouch v2 | esp-idf | CWE-327 | 7.5 | - | 2024-12-11 |
| CVE-2024-45798 | Multiple Poisoned Pipeline Execution (PPE) vulnerabilities | arduino-esp32 | CWE-20 | 10.0 | Critical | 2024-09-17 |
| CVE-2024-42483 | ESP-NOW Replay Attacks Vulnerability | esp-now | CWE-349 | 6.5 | Medium | 2024-09-12 |
| CVE-2024-42484 | ESP-NOW OOB Vulnerability In Group Type Message | esp-now | CWE-125 | 6.5 | Medium | 2024-09-12 |
| CVE-2024-28183 | Anti Rollback bypass with physical access and TOCTOU attack | esp-idf | CWE-367 | 6.1 | Medium | 2024-03-25 |
| CVE-2022-24893 | Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption | esp-idf | CWE-787 | 7.5 | High | 2022-06-25 |

This page lists every published CVE security advisory associated with espressif. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.