Esp-Idf CVE Vulnerabilities

By Espressif2 known vulnerabilities

Critical
0
High
2
Medium
0
Low
0
None
0

All Esp-Idf CVEs

Recent Highest Score Oldest
CVE-2025-68474
7.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual

Dec 27, 2025
CVE-2025-68473
8.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUID

Dec 27, 2025