ghsa-jfwf-rfmg-7f8m
Vulnerability from github
Published
2025-03-08 21:30
Modified
2025-03-11 18:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Details

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-27840"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-912"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-08T20:15:36Z",
    "severity": "MODERATE"
  },
  "details": "Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).",
  "id": "GHSA-jfwf-rfmg-7f8m",
  "modified": "2025-03-11T18:32:12Z",
  "published": "2025-03-08T21:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27840"
    },
    {
      "type": "WEB",
      "url": "https://cheriot.org/auditing/backdoor/2025/03/09/no-esp32-style-backdoor.html"
    },
    {
      "type": "WEB",
      "url": "https://darkmentor.com/blog/esp32_non-backdoor"
    },
    {
      "type": "WEB",
      "url": "https://flyingpenguin.com/?p=67838"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/em0gi/CVE-2025-27840"
    },
    {
      "type": "WEB",
      "url": "https://github.com/esphome/esphome/discussions/8382"
    },
    {
      "type": "WEB",
      "url": "https://github.com/orgs/espruino/discussions/7699"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=43301369"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=43308740"
    },
    {
      "type": "WEB",
      "url": "https://reg.rootedcon.com/cfp/schedule/talk/5"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices"
    },
    {
      "type": "WEB",
      "url": "https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices"
    },
    {
      "type": "WEB",
      "url": "https://www.espressif.com/en/news/Response_ESP32_Bluetooth"
    },
    {
      "type": "WEB",
      "url": "https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices"
    },
    {
      "type": "WEB",
      "url": "https://x.com/pascal_gujer/status/1898442439704158276"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.