Out-of-Bounds Access Vulnerability in Espressif IoT Development Framework for ESP32-P4
CVE-2025-65092

6.9MEDIUM

Key Information:

Vendor

Espressif

Status
Esp-idf
Vendor
CVE Published:
21 November 2025

What is CVE-2025-65092?

The Espressif IoT Development Framework (ESF-IDF) contains a vulnerability in its hardware JPEG decoder that affects versions 5.5.1, 5.4.3, and 5.3.4. Insufficient validation checks in the software parser can be exploited by a specially crafted JPEG image, leading to out-of-bounds array access. This issue poses security risks and has been addressed in the upcoming fixed versions 5.5.2, 5.4.4, and 5.3.5, with specific commits outlining the modifications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

esp-idf = 5.5.1 = 5.5.1

esp-idf = 5.4.3 = 5.4.3

esp-idf = 5.3.4 = 5.3.4

References

https://github.com/espressif/esp-idf/security/advisories/...
x_refsource_CONFIRM
https://github.com/espressif/esp-idf/commit/34e2726254201...
x_refsource_MISC
https://github.com/espressif/esp-idf/commit/4b8f5859dbe05...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.