← Back

CVE-2025-66409

nvd nist
Published: Dec 2, 2025Modified: Feb 13, 2026

JSON object

Loading...
2.7
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: security-advisories@github.com (Secondary)

Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Affected (5)

Products: Espressif: Esp Idf
Espressif
1 product
Esp Idf
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Espressif
Esp Idf
Up to 5.1.6
Esp Idf
From 5.2 to 5.2.6
Esp Idf
From 5.3 to 5.3.4
Esp Idf
From 5.4 to 5.4.3
Esp Idf
From 5.5 to 5.5.1

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (7)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
PatchVendor Advisory

Timeline

No history available yet.