Out-of-Bounds Write Vulnerability in ESP-IDF Bluetooth Stack by Espressif
CVE-2025-68473
What is CVE-2025-68473?
In the ESP-IDF Bluetooth host stack, the bta_dm_sdp_result() function stores discovered service UUIDs in a fixed-size array with room for only 32 entries. Modern Bluetooth devices often expose more services than that. When the number of discovered services exceeds 32, entries are written past the end of the array, creating a potential out-of-bounds write condition that may compromise the stability and security of the application.
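The following C sketch is an added illustration, not code from ESP-IDF or Espressif. It uses hypothetical names (bt_uuid_t, disc_result_t, collect_uuids_bounded) and constructed sample UUIDs to reproduce the bug class described above, a 32-slot UUID table filled from SDP discovery results, and shows the capacity check that stops a peer with more than 32 services from writing past the array:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names that mirror the pattern in the advisory: a fixed
 * table of 32 UUID slots filled from SDP discovery results. */
#define MAX_DISC_UUIDS 32

typedef struct { uint16_t len; uint8_t uu[16]; } bt_uuid_t;

typedef struct {
    bt_uuid_t uuid_list[MAX_DISC_UUIDS];
    uint8_t   num_uuids;
    bool      truncated;   /* set when the peer offered more services than fit */
} disc_result_t;

/* The vulnerable pattern appends every discovered UUID unconditionally
 * (r->uuid_list[r->num_uuids++] = found[i]), so a peer exposing more than
 * 32 services drives the index past the end of uuid_list. This bounded
 * version stops at capacity and records the truncation for logging. */
void collect_uuids_bounded(disc_result_t *r, const bt_uuid_t *found, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (r->num_uuids >= MAX_DISC_UUIDS) { r->truncated = true; return; }
        r->uuid_list[r->num_uuids++] = found[i];
    }
}

/* Builds n_services distinct 16-bit UUIDs (constructed sample data, capped
 * at 64) and returns the result of the bounded collector. */
disc_result_t run_discovery(size_t n_services)
{
    bt_uuid_t found[64];
    disc_result_t r;
    if (n_services > 64) n_services = 64;
    memset(&r, 0, sizeof r);
    for (size_t i = 0; i < n_services; i++)
        found[i] = (bt_uuid_t){ .len = 2, .uu = { 0x11, (uint8_t)i } };
    collect_uuids_bounded(&r, found, n_services);
    return r;
}

/* Stored count never exceeds 32; truncated flags services that were dropped. */
size_t stored_uuid_count(size_t n) { return run_discovery(n).num_uuids; }
bool discovery_truncated(size_t n) { return run_discovery(n).truncated; }
```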

Affected Version(s)
esp-idf >= 5.5-beta1, <= 5.5.1
esp-idf >= 5.4-beta1, <= 5.4.3
esp-idf >= 5.3-beta1, <= 5.3.4