CVE-2026-25508 | Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2 BLE Provisioning Transport protocomm_ble out-of-bounds (GHSA-9j5x-rf36-54×9)

Inserito da Angelo Barbosa | Feb 4, 2026 | CVE

A vulnerability classified as critical has been found in Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2. This affects the function protocomm_ble of the component BLE Provisioning Transport. Performing a manipulation results in out-of-bounds read.

This vulnerability is known as CVE-2026-25508. Access to the local network is required for this attack. No exploit is available.

It is recommended to upgrade the affected component.

CVE-2026-25508 | Espressif ESP-IDF 5.1.6/5.2.6/5.3.4/5.4.3/5.5.2 BLE Provisioning Transport protocomm_ble out-of-bounds (GHSA-9j5x-rf36-54×9)

Post correlati

CVE-2024-5133 | lunary-ai lunary up to 1.2.4 API Response /v1/users/me/org recovery_token information disclosure

CVE-2024-21362 | Microsoft unknown vulnerability

CVE-2020-37013 | Tucows Audio Playback Recorder 3.2.2 eject/registration stack-based overflow (Exploit 48796)

CVE-2025-6601 | GitLab Enterprise Edition up to 18.4.2/18.5.0 logic error (Patch 551267)