CVE-2025-27840 MEDIUM

Vendor: Espressif
Product: ESP32
Weakness: CWE-912
Published: March 8, 2025
Last update: May 12, 2025

CVSS base score

6.8/10
Attack vector: Physical
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

What the vulnerability does

01 Description

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Key dates

02 Disclosure timeline

March 8, 2025: CVE published
May 12, 2025: Record updated