Browse all 23 CVE security advisories affecting espressif. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Espressif Systems specializes in low-power Wi-Fi and Bluetooth microcontrollers, primarily serving the Internet of Things market with its ESP8266 and ESP32 series. These embedded devices are frequently targeted due to their widespread deployment in consumer electronics and industrial automation. Historically, security audits have identified critical vulnerabilities including remote code execution, buffer overflows, and improper access controls within the firmware and SDK components. Notable incidents involve flaws allowing unauthorized network access or denial-of-service attacks, often stemming from insufficient input validation in network stack implementations. The company has responded by issuing firmware updates and enhancing secure boot mechanisms, yet the complexity of integrating these chips into diverse third-party applications continues to pose significant security challenges for end-users who may lack the resources to patch legacy devices effectively.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68657 | espressif/usb_host_hid Double-Free Race Condition in USB Host HID Device Close Path — esp-usb (CWE-415) | 6.4 | Medium | 2026-01-12 |
| CVE-2025-68656 | Espressif ESP-IDF USB Host HID (Human Interface Device) Driver Descriptor Use-After-Free Vulnerability — esp-usb (CWE-416) | 6.8 | Medium | 2026-01-12 |
| CVE-2025-68622 | Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing — esp-usb (CWE-121) | 6.8 | Medium | 2026-01-12 |
This page lists every published CVE security advisory associated with espressif. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.