CVE-2025-55297— ESF-IDF BluFi Example Memory Overflow Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-55297
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ESF-IDF BluFi Example Memory Overflow Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Espressif IoT Development Framework 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Espressif IoT Development Framework是Espressif Systems开源的一个物联网开发框架。 Espressif IoT Development Framework 存在安全漏洞,该漏洞源于内存溢出,可能导致Wi-Fi凭据处理和Diffie–Hellman密钥交换问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-55297
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-55297
请登录查看更多情报信息。
Patches & Fixes for CVE-2025-55297 (4)
Vendor Advisories for CVE-2025-55297 (1)
IV. Related Vulnerabilities
Same product: esp-idf
- CVE-2026-25508
ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisionin - CVE-2026-25507
ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning - CVE-2026-25532
ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Under - CVE-2025-68474
ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Ven - CVE-2025-68473
ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result
Same vendor: espressif
- CVE-2026-42854
arduino-esp32: Stack buffer overflow in WebServer multipart - CVE-2026-42855
arduino-esp32: Digest authentication URI mismatch bypass in - CVE-2026-41429
Improper validation of NBNS name_len in arduino-esp32 NetBIO - CVE-2026-25508
ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisionin - CVE-2026-25507
ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning
Same weakness: CWE-120
- CVE-2025-12686
DSM<1.3.2-65648缓冲区溢出漏洞 - CVE-2026-9627
UTT HiPER 1200GW Web Management setSysAdm strcpy buffer over - CVE-2026-7454
WRL File Parsing Memory Corruption in Autodesk 3ds Max - CVE-2026-7452
WRL File Parsing Memory Corruption in Autodesk 3ds Max - CVE-2018-25377
Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH
V. Comments for CVE-2025-55297
No comments yet