PT-2025-10465 · Espressif · Espressif Esp32

Rjmunro · Published 2025-03-08 · Updated 2026-04-17 · CVE-2025-27840

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Espressif ESP32 (affected versions not specified)

Description

The Espressif ESP32 chip contains 29 hidden HCI commands, such as 0xFC02 (Write memory), which can be used for cyberattacks. These commands can be exploited to impersonate trusted devices, gain unauthorized access to data, pivot to other devices on the network, and potentially establish long-term persistence. The issue affects over a billion devices worldwide, including IoT devices, and highlights the need for better security audits.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Hidden Functionality


Weakness Enumeration

Related Identifiers

BDU:2025-02470
CVE-2025-27840

Affected Products

Espressif Esp32