ESPHome - Authentication Bypass

ESPHome 2025.8.0 contains an authentication bypass caused by improper validation of base64-encoded Authorization values in the webserver component, letting attackers access functionality without valid credentials, exploit requires crafted Authorization header. id: CVE-2025-57808 info: name: ESPHo...

CVE-2025-65713

Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability...

PT-2025-39369

Name of the Vulnerable Software and Affected Versions Sistemas Pleno Gestão de Locação versions up to 2025.7.x Description A flaw exists that allows for authorization bypass through manipulation of the pes cpf argument. This issue impacts an unknown function within the file...

PT-2025-35518

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.8.0 Description ESPHome’s web server authentication check on the ESP-IDF platform can incorrectly pass when the client-supplied base64-encoded Authorization value is empty or a substring of the correct value. This allows...

ESPHome 安全漏洞

ESPHome is an ESPHome open source system for configuring and managing smart hardware. It is used to control Esp8266/Esp32 hardware for home automation control. A security vulnerability exists in ESPHome version 2025.8.0, which stems from improper webserver authentication checking and could lead t...