PT-2025-48745 · Espressif · Esp32+1

Published: 2025-12-02 · Updated: 2026-04-17 · CVE-2025-66409

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: ESP-IDF versions 5.5.1 through 5.1.6

Description: ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. When AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Recommendations: Versions prior to 5.5.2 should be used.
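
The validate-before-read order that the description says was missing, shown as an added example that is not ESP-IDF's code or its patch: a parser for an AVRCP VENDOR DEPENDENT frame that checks the received length before each field access. The frame layout, the `vd_parse` helper and the sample frames are assumptions of this example, based on the AV/C and AVRCP frame format rather than on anything stated on this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Layout assumed from the AV/C and AVRCP frame format, not from ESP-IDF code:
 * [0] ctype, [1] subunit, [2] opcode, [3..5] company ID,
 * [6] PDU ID, [7] packet type, [8..9] parameter length (big-endian). */
#define AVC_OP_VENDOR 0x00u
#define VD_HDR_LEN    10u   /* bytes [0..9] above */

typedef enum { VD_OK, VD_TRUNCATED, VD_NOT_VENDOR, VD_BAD_PARAM_LEN } vd_status;

typedef struct {
    uint32_t company_id;
    uint8_t pdu_id;
    uint16_t param_len;
    const uint8_t *params;   /* points into the caller's buffer, set only on VD_OK */
} vd_cmd;

/* Hypothetical helper: every read is preceded by a check against len. */
vd_status vd_parse(const uint8_t *buf, size_t len, vd_cmd *out)
{
    if (buf == NULL || out == NULL || len < 3u)
        return VD_TRUNCATED;            /* cannot even read the opcode */
    if (buf[2] != AVC_OP_VENDOR)
        return VD_NOT_VENDOR;
    if (len < VD_HDR_LEN)
        return VD_TRUNCATED;            /* fixed header not fully received */

    out->company_id = ((uint32_t)buf[3] << 16) | ((uint32_t)buf[4] << 8) | buf[5];
    out->pdu_id = buf[6];
    out->param_len = (uint16_t)(((uint16_t)buf[8] << 8) | buf[9]);

    /* The peer controls param_len; it must fit in the bytes actually received. */
    if ((size_t)out->param_len > len - VD_HDR_LEN)
        return VD_BAD_PARAM_LEN;
    out->params = buf + VD_HDR_LEN;
    return VD_OK;
}

/* Constructed sample frames: well-formed, cut short, and declaring 64 bytes with 1 present. */
const uint8_t vd_sample_ok[]    = {0x01, 0x48, 0x00, 0x00, 0x19, 0x58,
                                   0x10, 0x00, 0x00, 0x01, 0x03};
const uint8_t vd_sample_short[] = {0x01, 0x48, 0x00, 0x00, 0x19};
const uint8_t vd_sample_lying[] = {0x01, 0x48, 0x00, 0x00, 0x19, 0x58,
                                   0x10, 0x00, 0x00, 0x40, 0x03};

int main(void) {
    vd_cmd c;
    return vd_parse(vd_sample_lying, sizeof vd_sample_lying, &c) == VD_BAD_PARAM_LEN ? 0 : 1;
}
```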

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-66409
GHSA-QHF9-VR2H-JH96

Affected Products

Esp-Idf
Esp32