Espressif · Esp32 · CVE-2025-12888
**Name of the Vulnerable Software and Affected Versions**
X25519 (affected versions not specified)
**Description**
A flaw exists in X25519 constant-time cryptographic implementations due to timing side channels. These side channels are introduced by compiler optimizations and CPU architecture limitations, particularly affecting Xtensa-based ESP32 chips. When targeting Xtensa, utilizing the low memory implementations of X25519 is recommended. The low memory implementations are now the default for Xtensa.
**Recommendations**
For Xtensa-based ESP32 chips, use the low memory implementations of X25519.