PT-2025-50496 · Espressif · Esp32

Published: 2025-12-10 · Updated: 2026-04-15 · CVE-2025-65821

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ESP32 (affected versions not specified)

Description

An enabled UART download mode on the ESP32 chip allows an attacker to extract sensitive data from the flash memory, including Wi-Fi network details stored in the NVS partition. This access also enables reflashing the device with potentially malicious firmware.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-65821

Affected Products

Esp32