Vulnerability in Espressif Esp-idf
CVE-2025-64342
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000000 or 0xFFFFFFFF, advertising may stop…
EPSS: 0.001 (24.3th percentile)
Affected products
- Espressif Esp-idf — versions >= 5.5-beta1 and < 5.5.2; >= 5.4-beta1 and < 5.4.3; >= 5.3-beta1 and < 5.3.5
Weakness classification (CWE)
References
- https://github.com/espressif/esp-idf/security/advisories/GHSA-8mg7-9qpg-p92v (x_refsource_CONFIRM)
- https://github.com/espressif/esp-idf/commit/309f031dd6b04de30c926a256508c65b0df95dfa (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/3b95b50703cd3301a370cffaa1cc299b1941fe2a (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/75967b578563ea7876dc215251cbb6d64bc9d768 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/8ec541023684d33b498fa21c5b4724bce748aa7b (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/bf66761962579f73aea682d1154b9c99b9d3d7dc (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/e3d70429566ece1ef593d36aa4ebd320e0c95925 (x_refsource_MISC)