CVE-2025-66409 LOW

CVE-2025-66409: ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

Vendor Espressif
Product esp-idf
Weakness CWE-125
Published December 2, 2025
Last update December 2, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated