CVE-2026-25507
The CVE concerns ESF-IDF (Espressif IoT Development Framework) with a use-after-free in the BLE provisioning transport (protocomm_ble). Affected versions are 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6. When provisioning is stopped with keep_ble_on = true, internal protocomm_ble state and GATT metadata...