3 matches found
CVE-2025-53540
creationtimestamp| type| source ---|---|--- 2025-07-07 19:47:32+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114813675213683577 2025-07-07 23:38:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltfxfgtqq32f...
CVE-2025-53540
The CVE-2025-53540 entry concerns arduino-esp32 (Arduino core for ESP32/variants). Several OTA update examples and the HTTPUpdateServer allow POST requests without CSRF protection, enabling an attacker to upload arbitrary firmware and achieve remote code execution (RCE). Affected versions are pri...
CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...