6.3

CVE-2026-25507

ESP-IDF Has Use-after-free Vulnerability in BLE Provisioning

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can be triggered by a remote BLE client while the device is in provisioning mode. The vulnerability occurred when provisioning was stopped with keep_ble_on = true. In this configuration, internal protocomm_ble state and GATT metadata were freed while the BLE stack and GATT services remained active. Subsequent BLE read or write callbacks dereferenced freed memory, allowing a connected or newly connected client to trigger invalid memory access. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.
Data provided by the National Vulnerability Database (NVD)
Espressif Esp-idf Version 5.1.6
Espressif Esp-idf Version 5.2.6
Espressif Esp-idf Version 5.3.4
Espressif Esp-idf Version 5.4.3
Espressif Esp-idf Version 5.5.2
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.2% | 0.097
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.3 | 2.1 | 4.2 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
security-advisories@github.com | 6.3 | 2.1 | 4.2 | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9
Patch
https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7
Patch
https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d70
Patch
https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6
Patch
https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf
Patch
https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663
Patch
https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63
Patch
https://github.com/espressif/esp-idf/security/advisories/GHSA-h7r3-gmg9-xjmg
Third Party Advisory