CVE-2025-53007

arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing...