
espressif — Vulnerabilities & Security Advisories 23

Browse all 23 CVE security advisories affecting espressif. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Espressif Systems specializes in low-power Wi-Fi and Bluetooth microcontrollers, primarily serving the Internet of Things market with its ESP8266 and ESP32 series. These embedded devices are frequently targeted due to their widespread deployment in consumer electronics and industrial automation. Historically, security audits have identified critical vulnerabilities including remote code execution, buffer overflows, and improper access controls within the firmware and SDK components. Notable incidents involve flaws allowing unauthorized network access or denial-of-service attacks, often stemming from insufficient input validation in network stack implementations. The company has responded by issuing firmware updates and enhancing secure boot mechanisms, yet the complexity of integrating these chips into diverse third-party applications continues to pose significant security challenges for end-users who may lack the resources to patch legacy devices effectively.

Found 13 results / 23

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-25508 | ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning | esp-idf | CWE-125 | 6.3 | Medium | 2026-02-04 |
| CVE-2026-25507 | ESF-IDF Has Use-after-free Vulnerability in BLE Provisioning | esp-idf | CWE-416 | 6.3 | Medium | 2026-02-04 |
| CVE-2026-25532 | ESF-IDF is Vulnerable to WPS Enrollee Fragment Integer Underflow | esp-idf | CWE-191 | 6.3 | Medium | 2026-02-04 |
| CVE-2025-68474 | ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling | esp-idf | CWE-787 | 7.5 | - | 2025-12-26 |
| CVE-2025-68473 | ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling | esp-idf | CWE-787 | 6.5 | - | 2025-12-26 |
| CVE-2025-66409 | ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling | esp-idf | CWE-125 | 6.5 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-65092 | ESP32-P4 JPEG Decoder Header Parsing Vulnerability | esp-idf | CWE-125 | 9.1 | - | 2025-11-21 |
| CVE-2025-64342 | ESF-IDF's ESP32 Bluetooth Controller Has an Invalid Access Address Vulnerability | esp-idf | CWE-754 | - | - (AI) | 2025-11-17 |
| CVE-2025-55297 | ESF-IDF BluFi Example Memory Overflow Vulnerability | esp-idf | CWE-120 | 7.4 (AI) | High (AI) | 2025-08-21 |
| CVE-2025-52471 | ESP-NOW Integer Underflow Vulnerability Advisory | esp-idf | CWE-191 | 9.8 (AI) | Critical (AI) | 2025-06-24 |
| CVE-2024-53845 | AES/CBC Constant IV Vulnerability in ESPTouch v2 | esp-idf | CWE-327 | 7.5 | - | 2024-12-11 |
| CVE-2024-28183 | Anti Rollback bypass with physical access and TOCTOU attack | esp-idf | CWE-367 | 6.1 | Medium | 2024-03-25 |
| CVE-2022-24893 | Espressif Bluetooth Mesh Stack Vulnerable to Out-of-bounds Write leading to memory buffer corruption | esp-idf | CWE-787 | 7.5 | High | 2022-06-25 |

This page lists every published CVE security advisory associated with espressif. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.