PT-2025-34229 · Espressif · Esp-Idf · Esp-Zhp +1
Published: 2025-08-21 · Updated: 2026-01-22 · CVE-2025-55297
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
ESP-IDF versions prior to 5.0.9
ESP-IDF versions 5.0.0 through 5.0.8
ESP-IDF versions 5.1.0 through 5.1.5
ESP-IDF versions 5.3.0 through 5.3.2
ESP-IDF versions 5.4.0 through 5.4.0
Description:
The Espressif Internet of Things (IoT) Development Framework (ESP-IDF) BluFi example is susceptible to memory overflows in Wi-Fi credential handling and Diffie–Hellman key exchange.
Recommendations:
Update to ESP-IDF version 5.0.9 or later.
Update to ESP-IDF version 5.1.6 or later.
Update to ESP-IDF version 5.3.3 or later.
Update to ESP-IDF version 5.4.1 or later.
Exploit
Fix
Buffer Overflow
Affected Products
Esp-Idf