ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled on ESP32, receiving a malformed VENDOR DEPENDENT command from a peer device can cause the Bluetooth stack to access memory before validating the command buffer length. This may lead to an out-of-bounds read, potentially exposing unintended memory content or causing unexpected behavior.
{
"cwe_ids": [
"CWE-125"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66409.json",
"cna_assigner": "GitHub_M"
}{
"cpe": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "5.1.6"
},
{
"introduced": "5.2"
},
{
"last_affected": "5.2.6"
},
{
"introduced": "5.3"
},
{
"last_affected": "5.3.4"
},
{
"introduced": "5.4"
},
{
"last_affected": "5.4.3"
},
{
"introduced": "5.5"
},
{
"last_affected": "5.5.1"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}