CVE-2025-55297

Summary

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9.

Affected Software

VendorProductVersion RangeStatus
espressifesp-idf< 5.0.9affected
espressifesp-idf>= 5.1-beta1, < 5.1.6affected
espressifesp-idf>= 5.2-beta1, < 5.3.3affected
espressifesp-idf>= 5.4-beta1, < 5.4.1affected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • CWE-131: CWE-131: Incorrect Calculation of Buffer Size

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References