CVE-2026-25508 MEDIUM

CVE-2026-25508: ESF-IDF Has Memory Safety Vulnerabilities in BLE Provisioning

Vendor Espressif
Product esp-idf
Weakness CWE-125
Published February 4, 2026
Last update February 4, 2026

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.

Key dates

02Disclosure timeline

February 4, 2026 CVE published
February 4, 2026 Record updated