PT-2026-6314 · Espressif · Espressif Iot Development Framework

Pavel Kohout · Published 2026-02-04 · Updated 2026-02-04 · CVE-2026-25532

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Espressif Internet of Things (IoT) Development Framework versions 5.1.6 through 5.5.2
Description

The Espressif Internet of Things (IoT) Development Framework contains a flaw in the WPS (Wi-Fi Protected Setup) Enrollee implementation. Malformed EAP-WSC packets with truncated payloads can trigger an integer underflow during fragment length calculation. Specifically, when processing EAP-Expanded (WSC) messages, the code calculates frag_len by subtracting header sizes from the total packet length. An attacker can send a packet where the EAP Length field only covers the header and flags, omitting the expected payload. This causes frag_len to become negative, which is then implicitly cast to a size_t value when passed to the wpabuf_put_data() function, resulting in a large unsigned value.
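The arithmetic described above, as an added example (a simplified model, not Espressif's code): the 14-byte header size, the LF flag value and all function names are assumptions used for illustration. It shows a negative frag_len turning into a huge size_t, next to a bounds check that rejects the truncated frame before any subtraction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (RFC 3748 expanded type + WSC op-code and flags):
 * EAP header 4 + expanded type 8 + op-code 1 + flags 1 = 14 bytes. */
#define WSC_HDR_LEN 14
#define WSC_FLAG_LF 0x02 /* assumed: 2-byte Message Length field present */

/* Unchecked model: returns the signed fragment length as computed. */
static int frag_len_unchecked(uint16_t eap_len, uint8_t flags)
{
    int frag_len = (int)eap_len - WSC_HDR_LEN;
    if (flags & WSC_FLAG_LF)
        frag_len -= 2; /* skip the optional Message Length field */
    return frag_len;
}

/* What a size_t parameter receives when handed that signed value. */
static size_t as_copy_len(int frag_len)
{
    return (size_t)frag_len;
}

/* Checked model: validate the EAP Length field against the bytes actually
 * received and the minimum header size before subtracting.
 * Returns 0 and sets *out on success, -1 if the frame must be dropped. */
static int frag_len_checked(uint16_t eap_len, size_t rx_len, uint8_t flags,
                            size_t *out)
{
    size_t need = WSC_HDR_LEN + ((flags & WSC_FLAG_LF) ? 2u : 0u);
    if (eap_len > rx_len || eap_len < need)
        return -1; /* truncated or inconsistent length */
    *out = (size_t)eap_len - need;
    return 0;
}

int main(void)
{
    size_t n = 0;
    int bad = frag_len_unchecked(14, WSC_FLAG_LF); /* constructed input */
    printf("unchecked frag_len=%d -> size_t %zu\n", bad, as_copy_len(bad));
    printf("checked, truncated: %d\n", frag_len_checked(14, 14, WSC_FLAG_LF, &n));
    printf("checked, valid: %d len=%zu\n", frag_len_checked(20, 20, WSC_FLAG_LF, &n), n);
    return 0;
}
```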
Recommendations

Update to version 5.5.3 or later.
Update to version 5.4.4 or later.
Update to version 5.3.5 or later.
Update to version 5.2.7 or later.
Update to version 5.1.7 or later.

Exploit

Fix

Integer Underflow

Weakness Enumeration

Related Identifiers

CVE-2026-25532
GHSA-M2H2-683F-9MW7

Affected Products

Espressif Iot Development Framework