Memory Overflow Vulnerability in Espressif IoT Development Framework
CVE-2025-55297
5.2 MEDIUM
What is CVE-2025-55297?
The Espressif IoT Development Framework (ESP-IDF) contains vulnerabilities that expose critical weaknesses in memory management, particularly in Wi-Fi credential handling and in the Diffie-Hellman key exchange mechanism. These issues can lead to unexpected behavior and security exploits. The vulnerabilities have been resolved in the latest versions, and users are advised to upgrade to ESP-IDF 5.4.1, 5.3.3, 5.1.6, or 5.0.9 to mitigate potential risks.
Affected Version(s)
esp-idf < 5.0.9
esp-idf >= 5.1-beta1, < 5.1.6
esp-idf >= 5.2-beta1, < 5.3.3