Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Espressif — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting Espressif. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Espressif Systems specializes in low-power Wi-Fi and Bluetooth microcontrollers, primarily serving the Internet of Things market with its ESP8266 and ESP32 series. These embedded devices are frequently targeted due to their widespread deployment in consumer electronics and industrial automation. Historically, security audits have identified critical vulnerabilities including remote code execution, buffer overflows, and improper access controls within the firmware and SDK components. Notable incidents involve flaws allowing unauthorized network access or denial-of-service attacks, often stemming from insufficient input validation in network stack implementations. The company has responded by issuing firmware updates and enhancing secure boot mechanisms, yet the complexity of integrating these chips into diverse third-party applications continues to pose significant security challenges for end-users who may lack the resources to patch legacy devices effectively.

Top products by Espressif: esp-idf arduino-esp32 esp-usb esp-now ESP32
CVE IDTitleCVSSSeverityPublished
CVE-2026-41429 Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption — arduino-esp32CWE-121 8.8 High2026-04-24
CVE-2026-25508 ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning — esp-idfCWE-125 6.3 Medium2026-02-04
CVE-2026-25507 ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning — esp-idfCWE-416 6.3 Medium2026-02-04
CVE-2026-25532 ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow — esp-idfCWE-191 6.3 Medium2026-02-04
CVE-2025-68657 espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path — esp-usbCWE-415 6.4 Medium2026-01-12
CVE-2025-68656 Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability — esp-usbCWE-416 6.8 Medium2026-01-12
CVE-2025-68622 Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing — esp-usbCWE-121 6.8 Medium2026-01-12
CVE-2025-68474 ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling — esp-idfCWE-787 7.5 -2025-12-26
CVE-2025-68473 ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling — esp-idfCWE-787 6.5 -2025-12-26
CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling — esp-idfCWE-125 6.5AIMediumAI2025-12-02
CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability — esp-idfCWE-125 9.1 -2025-11-21
CVE-2025-64342 ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability — esp-idfCWE-754--AI2025-11-17
CVE-2025-55297 ESF-IDF BluFi Example Memory Overflow Vulnerability — esp-idfCWE-120 7.4AIHighAI2025-08-21
CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution — arduino-esp32CWE-352 8.8AIHighAI2025-07-07
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp — arduino-esp32CWE-113 7.5AIHighAI2025-06-26
CVE-2025-52471 ESP-NOW Integer Underflow Vulnerability Advisory — esp-idfCWE-191 9.8AICriticalAI2025-06-24
CVE-2025-27840 Espressif ESP32 安全漏洞 — ESP32CWE-912 6.8 Medium2025-03-08
CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2 — esp-idfCWE-327 7.5 -2024-12-11
CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities — arduino-esp32CWE-20 10.0 Critical2024-09-17
CVE-2024-42483 ESP-NOW Replay Attacks Vulnerability — esp-nowCWE-349 6.5 Medium2024-09-12
CVE-2024-42484 ESP-NOW OOB Vulnerability In Group Type Message — esp-nowCWE-125 6.5 Medium2024-09-12
CVE-2024-28183 Anti Rollback bypass with physical access and TOCTOU attack — esp-idfCWE-367 6.1 Medium2024-03-25
CVE-2022-24893 Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption — esp-idfCWE-787 7.5 High2022-06-25

This page lists every published CVE security advisory associated with Espressif. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.