PT-2025-47184 · Espressif · Esp32 +1

Published 2025-11-17 · Updated 2025-11-17 · CVE-2025-64342

CVSS v4.0: 6.9
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

ESP-IDF versions prior to 5.1.7
ESP-IDF versions prior to 5.2.6
ESP-IDF versions prior to 5.3.5
ESP-IDF versions prior to 5.4.3
ESP-IDF versions prior to 5.5.2
Description

ESP-IDF, the Espressif Internet of Things (IoT) Development Framework, is affected by an issue in which an ESP32 in advertising mode may unexpectedly stop advertising when it receives a connection request whose Access Address (AA) is invalid (0x00000000 or 0xFFFFFFFF). The controller may then incorrectly report a connection event to the host, so the application layer could falsely believe a connection has been established.
Recommendations

Update to ESP-IDF version 5.1.7 or later.
Update to ESP-IDF version 5.2.6 or later.
Update to ESP-IDF version 5.3.5 or later.
Update to ESP-IDF version 5.4.3 or later.
Update to ESP-IDF version 5.5.2 or later.
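The missing check this advisory describes is a validity test on the Access Address carried in the incoming connection request. The following C code is an added illustration, not Espressif's or ESP-IDF's own code: it implements the LE connection Access Address rules from Bluetooth Core Specification Vol 6, Part B, 2.1.2 (which reject 0x00000000 and 0xFFFFFFFF among others) and applies them to a constructed CONNECT_IND payload. It assumes the standard CONNECT_IND layout (InitA, AdvA, then LLData starting with the little-endian AA) and omits the additional Coded PHY rules.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define BLE_ADV_ACCESS_ADDRESS 0x8E89BED6u

/* Longest run of identical adjacent bits in a 32-bit value. */
static unsigned longest_run(uint32_t aa) {
    unsigned best = 1, run = 1;
    for (int i = 1; i < 32; i++) {
        run = (((aa >> i) & 1u) == ((aa >> (i - 1)) & 1u)) ? run + 1 : 1;
        if (run > best) best = run;
    }
    return best;
}

/* Number of bit transitions between adjacent positions lo..hi (inclusive). */
static unsigned transitions(uint32_t aa, int lo, int hi) {
    unsigned n = 0;
    for (int i = lo; i < hi; i++)
        if (((aa >> i) & 1u) != ((aa >> (i + 1)) & 1u)) n++;
    return n;
}

/* LE connection Access Address rules (Core Spec Vol 6, Part B, 2.1.2).
 * 0x00000000 and 0xFFFFFFFF already fail the first rule. */
bool ble_access_address_valid(uint32_t aa) {
    if (longest_run(aa) > 6) return false;              /* no more than six consecutive 0s or 1s */
    if (aa == BLE_ADV_ACCESS_ADDRESS) return false;     /* not the advertising channel AA */
    uint32_t d = aa ^ BLE_ADV_ACCESS_ADDRESS;
    if (d && (d & (d - 1)) == 0) return false;          /* not exactly one bit away from it */
    uint32_t b0 = aa & 0xFFu;
    if (b0 == ((aa >> 8) & 0xFFu) && b0 == ((aa >> 16) & 0xFFu) && b0 == (aa >> 24)) return false;
    if (transitions(aa, 0, 31) > 24) return false;      /* no more than 24 transitions */
    if (transitions(aa, 26, 31) < 2) return false;      /* at least two transitions in top six bits */
    return true;
}

/* CONNECT_IND payload: InitA[6] | AdvA[6] | LLData, whose first field is the AA (little-endian). */
bool connect_ind_acceptable(const uint8_t *pdu, size_t len) {
    if (len < 34) return false;                         /* CONNECT_IND payload is 34 bytes */
    uint32_t aa = (uint32_t)pdu[12] | (uint32_t)pdu[13] << 8 |
                  (uint32_t)pdu[14] << 16 | (uint32_t)pdu[15] << 24;
    return ble_access_address_valid(aa);
}

/* Constructed sample payloads (not captures): AA 0x00000000 vs 0x50657374; remaining LLData zeroed. */
static const uint8_t kBadConnectInd[34]  = {1,2,3,4,5,6, 7,8,9,10,11,12, 0x00,0x00,0x00,0x00};
static const uint8_t kGoodConnectInd[34] = {1,2,3,4,5,6, 7,8,9,10,11,12, 0x74,0x73,0x65,0x50};

bool bad_connect_ind_rejected(void)  { return !connect_ind_acceptable(kBadConnectInd, sizeof kBadConnectInd); }
bool good_connect_ind_accepted(void) { return connect_ind_acceptable(kGoodConnectInd, sizeof kGoodConnectInd); }
```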

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2025-64342
GHSA-8MG7-9QPG-P92V

Affected Products

ESP-IDF
ESP32