Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
Loading...
Loading...
Score 6.8 from GitHub Security Advisory published 2025-03-08. NVD baseline CVSS 6.8; sources differ by 0.0.
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
March 8, 2025
March 12, 2025
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.
Working exploit code is in the public domain (2 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Bitcoin Cryptanalysis: CVE-2025-27840 Vulnerability in ESP32 Microcontrollers Puts Billions of IoT Devices at Risk via Wi-Fi & Bluetooth
Open source ↗Expanded version of the code shown at RootedCON redone in python - CVE-2025-27840
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2025-27840
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.