3 matches found
CVE-2025-53540
creationtimestamp| type| source ---|---|--- 2025-07-07 19:47:32+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114813675213683577 2025-07-07 23:38:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltfxfgtqq32f...
CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...
CVE-2025-53540
The CVE-2025-53540 entry concerns arduino-esp32 (Arduino core for ESP32/variants). Several OTA update examples and the HTTPUpdateServer allow POST requests without CSRF protection, enabling an attacker to upload arbitrary firmware and achieve remote code execution (RCE). Affected versions are pri...