CVE-2026-25508— ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-25508
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
Source: NVD (National Vulnerability Database)
Vulnerability Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
Espressif ESP-IDF 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Espressif ESP-IDF是中国乐鑫(Espressif)公司的一款物联网开发框架。 Espressif ESP-IDF 5.5.2版本、5.4.3版本、5.3.4版本、5.2.6版本和5.1.6版本存在缓冲区错误漏洞,该漏洞源于BLE ATT Prepare Write处理存在越界读取问题,可能导致内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-25508
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-25508
请登录查看更多情报信息。
Same Patch Batch · espressif · 2026-02-04 · 3 CVEs total
| CVE-2026-25507 | 6.3 MEDIUM | ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning |
| CVE-2026-25532 | 6.3 MEDIUM | ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow |
IV. Related Vulnerabilities
Same product: esp-idf
- CVE-2026-25507
ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning - CVE-2026-25532
ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Under - CVE-2025-68474
ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Ven - CVE-2025-68473
ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result - CVE-2025-66409
ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP C
Same vendor: espressif
- CVE-2026-41429
Improper validation of NBNS name_len in arduino-esp32 NetBIO - CVE-2026-25507
ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning - CVE-2026-25532
ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Under - CVE-2025-68657
espressif/usb_host_hid Double-Free Race Condition in USB Hos - CVE-2025-68656
Espressif ESP-IDF USB Host HID (Human Interface Device) Driv
Same weakness: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-7258
Out-of-bounds read in urldecode() on NetBSD - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞
V. Comments for CVE-2026-25508
No comments yet