CVE-2025-27579

Source
https://cve.org/CVERecord?id=CVE-2025-27579
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27579.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27579
Published
2025-03-02T00:00:00Z
Modified
2026-07-10T12:43:48.036957Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27579.json",
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Git / github.com/bitaxeorg/ESP-Miner

Affected ranges

Type
GIT
Repo
https://github.com/bitaxeorg/ESP-Miner
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.5.0"
        }
    ]
}

Affected versions

v1.*
v1.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.1
v2.1.10
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.2
v2.3.0
v2.3.0b3
v2.3.0b4
v2.3.0b5
v2.3.0b6
v2.3.0b7
v2.3.1b1
v2.4.0
v2.4.0b1
v2.4.0b2
v2.4.1
v2.4.1b2
v2.4.1b3
v2.4.2
v2.4.2b1
v2.4.2b2
v2.4.3
v2.4.3b1
v2.4.3b2
v2.4.4
v2.4.5

Database specific

vanir_signatures_modified
"2026-07-10T12:43:48Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27579.json"
vanir_signatures
[
    {
        "id": "CVE-2025-27579-19199eed",
        "digest": {
            "function_hash": "117425552862137298526935218198231125166",
            "length": 1232.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "POST_OTA_update",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-489bd141",
        "digest": {
            "function_hash": "265571103042195546018461074667353015781",
            "length": 230.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "echo_handler",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-5939981a",
        "digest": {
            "function_hash": "60323486346228250491807775595365065620",
            "length": 360.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "POST_restart",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-7a033fa9",
        "digest": {
            "line_hashes": [
                "244480751629666037150751136806205757151",
                "316904983237818168542589409205459908820",
                "309711950232842657218859570914080482782",
                "150949670518811521928811296487320271858",
                "112083171654878446351641839830811321644",
                "310798565217150351971400035009799501380",
                "233950996322954054691024752580707747841",
                "235928472145655116304906683654242108755",
                "26266921249535457487984591073138173356",
                "303642867104101915511706068300706874836",
                "261873872586499361286900345671082496799",
                "6962054176701614108283400373749323807",
                "14417434479585042717693685468869744964",
                "82254236559372802773756763330228900991",
                "94990039587786496805187422887143094946",
                "211760873473522476155867437517205349327",
                "108844867524873268876896204133393964855",
                "275617105441601736051415112197016623311",
                "94990039587786496805187422887143094946",
                "313729904756706155024813184276825739150",
                "78661556131630815147330788907102687557",
                "221807133318908885264603189335803568058",
                "94990039587786496805187422887143094946",
                "334494019112640453009840704173393527595",
                "153266991967096988442243083416481736590",
                "273227577416235618737018179325324323993",
                "153757769438710393835270911781116060997",
                "35339553768736063730373595651948821284",
                "214751758919388070205014733279389248849",
                "41740313964052717060159213196024128245",
                "228889229866460249963318991802534970164",
                "223637234917141591431817534876681992731",
                "308519231509459201572675075685606244874",
                "216115008552246272189239457407263773682",
                "228889229866460249963318991802534970164",
                "90152816905881810675568218936085706194",
                "149974810021858003873197870255312501131",
                "228456411310002017861349822379614985701",
                "301376630698687632237995159713337218358",
                "196482318245847967852794484650861766056",
                "319522634840444472677612213755321351851",
                "54557011006994140043663125532586401936",
                "154268117566549786132837165816609920853",
                "41924570408023754832004534886394135620",
                "56759087805816061427060182268466130388",
                "187242214249363096925585159420574847687",
                "101320890716156579248618341970434834230",
                "278615315591681044019535052804095168016",
                "66447876209669114671042317859841199828",
                "79406520790016592707102599220937696250",
                "118467540477452073182500132635788277643",
                "332108145343722433993413851444795115032",
                "252459972544880466194047044084745085682",
                "142315710902617605636022379444487367096",
                "291285574437084175372178096596132414627",
                "158915766063340010653644576787620431688",
                "107823892661579332081885550483148047232",
                "15977036628927854708550779872748587361",
                "202453935545044043437634515641884154694",
                "190102058106141950157460385929500640845",
                "245145838584484110703471200302518624694",
                "82001467412070861539734768953481439256",
                "107217020745815151210979898857014146453",
                "179178894147017638526092393792289894999",
                "7759871166987334482016376353026149010",
                "260764352898769237219443265881244044964",
                "158740147832325934184739896211577404164",
                "57025819999023023057714441841934147565",
                "257658163608552965435604776797682196451",
                "219100236309928304307302660507189386093",
                "84938507811162920785700568830648095115",
                "174679064364193363441935925382505360758",
                "43054592422240898165508344753282931010"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-9fec8917",
        "digest": {
            "function_hash": "227336434050099744843291763498585578864",
            "length": 1202.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "POST_WWW_update",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-a5554b4f",
        "digest": {
            "function_hash": "316237739374606816369934663233422125448",
            "length": 3197.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "PATCH_update_settings",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-bacc4a71",
        "digest": {
            "function_hash": "46076139298436731725707053249907169521",
            "length": 120.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "rest_recovery_handler",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-c69fcb3e",
        "digest": {
            "function_hash": "274449569490518693246010528569340235907",
            "length": 168.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "handle_options_request",
            "file": "main/http_server/http_server.c"
        }
    },
    {
        "id": "CVE-2025-27579-fb1af45e",
        "digest": {
            "function_hash": "249567908091338272029416888894006408871",
            "length": 4533.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/bitaxeorg/ESP-Miner/commit/a04c00ba070dbfc61682041d944a6fa19857a90c",
        "deprecated": false,
        "target": {
            "function": "GET_system_info",
            "file": "main/http_server/http_server.c"
        }
    }
]