CVE-2025-66409CRITICAL 9.1EPSS p40.7%

CVE-2025-66409CVE-2025-66409

Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.53% probability of exploitation · percentile 40.7% · 2026-06-19T12:03:05Z
Published2025-12-02
Last modified2026-02-13

Underlying weaknesses· 1

CWE-125

References

  1. https://github.com/espressif/esp-idf/commit/075ed218cadb8088155521cd8a795d8a626519fb
  2. https://github.com/espressif/esp-idf/commit/2f788e59ee361eee230879ae2ec9cf5c893fe372
  3. https://github.com/espressif/esp-idf/commit/798029129a71c802cff0e75eb59f902bca8f1946
  4. https://github.com/espressif/esp-idf/commit/999710fccf95ae128fe51b5679d6b7c75c50d902
  5. https://github.com/espressif/esp-idf/commit/d5db5f60fc1dcfdd8cd3ee898fdefaa272988ace
  6. https://github.com/espressif/esp-idf/commit/daeeba230327176b9627b1caa94acdc54065c4b7
  7. https://github.com/espressif/esp-idf/security/advisories/GHSA-qhf9-vr2h-jh96

1

TypeTargetConfidenceTier
WeaknessOut-of-bounds Readcwe-1250%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-46532
CVE
CVE-2025-68473
CVE
CVE-2026-45160
CVE
CVE-2026-45329
CVE
CVE-2025-55297
CVE
CVE-2025-52471
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.