CVE-2025-65092 in esp-idfinfo

Zusammenfassung

von MITRE • 22.11.2025

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

17.11.2025

Veröffentlichung

22.11.2025

Moderieren

akzeptiert

Eintrag

VDB-333282

CPE

bereit

CWE

CWE-125 (bestätigt)

CVSS

5.3 (VulDB)

EPSS

0.00086

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-65092
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-65092
CVE Details	https://www.cvedetails.com/cve/CVE-2025-65092/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!