PT-2026-2285 · Espressif · Esp-Idf

Published 2026-01-12 · Updated 2026-01-12 · CVE-2025-68657

CVSS v3.1 6.4 Medium

Vector AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Espressif ESP-IDF versions prior to 1.1.0

Description

The USB Host HID (Human Interface Device) Driver in ESP-IDF allows access to HID devices. Prior to version 1.1.0, the hid_host_device_close() function can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, potentially leading to simultaneous teardown of a READY interface and corruption of heap metadata within the ESP USB host stack.

Recommendations

Update to version 1.1.0 or later.
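
The check-then-act race described above, replayed as a small host-side C model (an added example, not code from ESP-IDF or from the advisory). All demo_* names are hypothetical, releases are counted instead of freed, and a C11 atomic state transition stands in for whatever locking the driver itself uses.

```c
/* Added illustration: host-side model, not ESP-IDF code; demo_* names are hypothetical. */
#include <stdatomic.h>
#include <stdio.h>

enum { DEMO_IDLE, DEMO_READY, DEMO_CLOSING };
typedef struct { int release_count; } demo_transfer_t;  /* counts frees, never calls free() */
typedef struct { atomic_int state; demo_transfer_t *xfer; } demo_iface_t;
static void demo_release(demo_transfer_t *x) { x->release_count++; }

/* Unguarded pattern, split in two steps so the bad interleaving replays deterministically. */
static int racy_check(demo_iface_t *i) { return atomic_load(&i->state) == DEMO_READY; }
static void racy_teardown(demo_iface_t *i) {
    demo_release(i->xfer);
    atomic_store(&i->state, DEMO_IDLE);
}

/* Guarded pattern: only the caller that wins READY -> CLOSING may tear down. */
static int guarded_close(demo_iface_t *i) {
    int expected = DEMO_READY;
    if (!atomic_compare_exchange_strong(&i->state, &expected, DEMO_CLOSING))
        return 0;                       /* another context owns the teardown */
    demo_release(i->xfer);
    atomic_store(&i->state, DEMO_IDLE);
    return 1;
}

/* Event callback and user code both pass the check before either tears down. */
int replay_racy(void) {
    demo_transfer_t x = {0};
    demo_iface_t i = { .state = DEMO_READY, .xfer = &x };
    int cb_ready = racy_check(&i), user_ready = racy_check(&i);
    if (cb_ready) racy_teardown(&i);
    if (user_ready) racy_teardown(&i);
    return x.release_count;             /* same transfer released twice */
}

/* Same two callers through the guarded path: the second one backs off. */
int replay_guarded(void) {
    demo_transfer_t x = {0};
    demo_iface_t i = { .state = DEMO_READY, .xfer = &x };
    guarded_close(&i);
    guarded_close(&i);
    return x.release_count;
}

int main(void) {
    printf("racy: %d releases, guarded: %d release\n", replay_racy(), replay_guarded());
}
```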

Exploit

Fix

Double Free

Improper Locking

Weakness Enumeration

Related Identifiers

CVE-2025-68657
GHSA-GP8R-QJFR-GQFV

Affected Products

Esp-Idf