Espressif · Esp-Idf · CVE-2025-55297
Name of the Vulnerable Software and Affected Versions:
ESP-IDF versions prior to 5.0.9
ESP-IDF versions 5.0.0 through 5.0.8
ESP-IDF versions 5.1.0 through 5.1.5
ESP-IDF versions 5.3.0 through 5.3.2
ESP-IDF versions 5.4.0 through 5.4.0
Description:
The Espressif Internet of Things (IoT) Development Framework (ESP-IDF) BluFi example is susceptible to memory overflows in Wi-Fi credential handling and Diffie–Hellman key exchange.
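The defect class described above is a length-unchecked copy of peer-supplied data (SSID, passphrase, DH public value) into fixed-size buffers. The C below is an added illustration of the mitigation pattern, not code from ESP-IDF or the BluFi example: every function, struct and capacity constant here (blufi_session_t, copy_bounded, blufi_set_ssid, SSID_MAX_LEN and the rest) is hypothetical, and the sample frames are constructed for the example. It shows one bounded-copy helper used for all three fields, so the capacity comparison happens in exactly one place.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed capacity limits for this example (hypothetical, not ESP-IDF constants). */
#define SSID_MAX_LEN    32   /* 802.11 SSID limit */
#define PASSWD_MAX_LEN  64   /* WPA2 passphrase limit */
#define DH_PUBKEY_MAX   128  /* assumed 1024-bit DH public value */

/* Hypothetical session state holding the three attacker-influenced fields. */
typedef struct {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
    uint8_t passwd[PASSWD_MAX_LEN];
    size_t  passwd_len;
    uint8_t peer_pubkey[DH_PUBKEY_MAX];
    size_t  peer_pubkey_len;
} blufi_session_t;

/* Bounded copy: the single place where a peer-supplied length is compared
 * against the destination capacity. Returns 0 on success, -1 if the payload
 * would not fit; callers drop the frame on -1 instead of writing past dst. */
static int copy_bounded(uint8_t *dst, size_t dst_cap,
                        const uint8_t *src, size_t len, size_t *out_len)
{
    if (dst == NULL || src == NULL || out_len == NULL) return -1;
    if (len > dst_cap) return -1;   /* reject oversize payload before memcpy */
    memcpy(dst, src, len);
    *out_len = len;
    return 0;
}

/* Hypothetical frame handlers, one per credential/key field. */
int blufi_set_ssid(blufi_session_t *s, const uint8_t *data, size_t len)
{
    if (s == NULL) return -1;
    return copy_bounded(s->ssid, SSID_MAX_LEN, data, len, &s->ssid_len);
}

int blufi_set_passwd(blufi_session_t *s, const uint8_t *data, size_t len)
{
    if (s == NULL) return -1;
    return copy_bounded(s->passwd, PASSWD_MAX_LEN, data, len, &s->passwd_len);
}

int blufi_set_peer_pubkey(blufi_session_t *s, const uint8_t *data, size_t len)
{
    if (s == NULL) return -1;
    return copy_bounded(s->peer_pubkey, DH_PUBKEY_MAX, data, len,
                        &s->peer_pubkey_len);
}

/* Constructed frames: one in-range value and one oversize value per field.
 * Returns the number of frames rejected; with the limits above that is 3. */
int run_demo(void)
{
    static blufi_session_t session;
    static uint8_t oversize[256];
    int rejected = 0;

    memset(&session, 0, sizeof session);
    memset(oversize, 'A', sizeof oversize);   /* constructed filler payload */

    if (blufi_set_ssid(&session, (const uint8_t *)"home-network", 12) != 0) rejected++;
    if (blufi_set_ssid(&session, oversize, SSID_MAX_LEN + 1) != 0) rejected++;

    if (blufi_set_passwd(&session, (const uint8_t *)"correct horse", 13) != 0) rejected++;
    if (blufi_set_passwd(&session, oversize, PASSWD_MAX_LEN + 1) != 0) rejected++;

    if (blufi_set_peer_pubkey(&session, oversize, DH_PUBKEY_MAX) != 0) rejected++;
    if (blufi_set_peer_pubkey(&session, oversize, DH_PUBKEY_MAX + 1) != 0) rejected++;

    return rejected;
}
```

The design point is that a field's length arrives from the peer and is never trusted on its own; the handler either stores the whole payload or stores nothing. When reviewing firmware that parses BLE or Wi-Fi provisioning frames, look for any memcpy or loop whose count comes from the frame without passing through a check like copy_bounded.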
Recommendations:
Update to ESP-IDF version 5.0.9 or later.
Update to ESP-IDF version 5.1.6 or later.
Update to ESP-IDF version 5.3.3 or later.
Update to ESP-IDF version 5.4.1 or later.