Lucene search
K

170 matches found

RedhatCVE
RedhatCVE
added 2025/12/11 5:3 a.m.7 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS6.6AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.8 views

EUVD-2025-202625

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

6.1AI score0.00322EPSS
Exploits0References3
NVD
NVD
added 2025/12/10 9:16 p.m.7 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS0.00322EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 9:16 p.m.12 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

7.5CVSS5.8AI score0.00322EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.1 views

CVE-2025-65829

The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...

6.6AI score0.00279EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 12:0 a.m.3 views

CVE-2025-65822

The ESP32 system on a chip SoC that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

6.5AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.22 views

CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to...

0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.20 views

CVE-2025-65822

The ESP32 system on a chip SoC that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.21 views

CVE-2025-65829

The ESP32 system on a chip SoC that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved ...

0.00279EPSS
Exploits0References2
OSV
OSV
added 2025/12/02 6:9 p.m.6 views

CVE-2025-66409 ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command...

6.9CVSS7.1AI score0.00554EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/11/27 7:0 a.m.12 views

CVE-2025-65092

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9CVSS6.9AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/22 11:12 p.m.6 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

7.5CVSS6.7AI score0.00274EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2025-12888

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture...

7.5CVSS5.7AI score0.00274EPSS
Exploits0References3
OSV
OSV
added 2025/11/21 11:15 p.m.5 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

7.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2025/11/21 11:15 p.m.7 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

7.5CVSS0.00274EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 11:15 p.m.3 views

DEBIAN-CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

7.5CVSS5.2AI score0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/21 10:50 p.m.14 views

CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

1CVSS0.00274EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/21 10:50 p.m.2 views

CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

1CVSS6.4AI score0.00274EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/11/21 10:50 p.m.4 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

7.5CVSS6.8AI score0.00274EPSS
Exploits0
OSV
OSV
added 2025/11/21 9:33 p.m.6 views

CVE-2025-65092 ESP32-P4 JPEG Decoder Header Parsing Vulnerability

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted malicious JPEG image could exploit the parsing routine and trigg...

6.9CVSS6.8AI score0.0032EPSS
Exploits0References7
Rows per page
Query Builder