CVE-2025-53540 | Espressif arduino-esp32 up to 3.2.0 Update Endpoint cross-site request forgery (GHSA-9vfw-wx65-c872 / EUVD-2025-20306)

Inserito da Angelo Barbosa | Lug 7, 2025 | CVE

A vulnerability was found in Espressif arduino-esp32 up to 3.2.0. It has been classified as problematic. This affects an unknown part of the component Update Endpoint. The manipulation leads to cross-site request forgery.

This vulnerability is uniquely identified as CVE-2025-53540. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-53540 | Espressif arduino-esp32 up to 3.2.0 Update Endpoint cross-site request forgery (GHSA-9vfw-wx65-c872 / EUVD-2025-20306)

Post correlati

CVE-2025-25950 | Serosoft Academia Student Information System EagleR 1.0.118 update access control

CVE-2025-47936 | TYPO3 up to 12.4.30/13.4.11 Webhook server-side request forgery

CVE-2024-27841 | Apple macOS Kernel Memory information disclosure

CVE-2024-28834 | GnuTLS Minerva information disclosure