E

Espressif Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Espressif products.

2 known CVE vulnerabilities tracked

Critical
0
High
2
Medium
0
Low
0
None
0

Vulnerabilities By Year

2
2025

Products Affected

Esp-Idf 2

All Espressif CVEs

Recent Highest Score Oldest
CVE-2025-68474
7.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual

Esp-Idf Dec 27, 2025
CVE-2025-68473
8.6 high

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUID

Esp-Idf Dec 27, 2025