PT-2025-24096 · Zlf+1

Published: 2025-06-05 · Updated: 2025-06-06

CVE-2025-41361

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions

IDF versions 0.10.0-0C03-03
ZLF versions 0.10.0-0C03-04

Description

The devices improperly handle TLS requests associated with PROCOME sockets. This can cause the device to reboot, resulting in a denial of service when TLS requests are sent to those PROCOME ports. To exploit this issue, PROCOME ports must be configured and active, with communications encryption active.

Recommendations

For IDF version 0.10.0-0C03-03, consider disabling the PROCOME ports until a patch is available to prevent unauthorized reboot via TLS requests. For ZLF version 0.10.0-0C03-04, restrict access to the PROCOME ports to minimize the risk of exploitation. As a temporary workaround, consider disabling communications encryption for PROCOME ports until the issue is resolved.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2026-00063
CVE-2025-41361

Affected Products

Idf
Zlf