Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-65092

Good to know:

icon
icon

Date: November 21, 2025

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.

Severity Score

Related Resources (7)

https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42
https://nvd.nist.gov/vuln/detail/CVE-2025-65092
https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17
https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8
https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27
https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c
https://www.mend.io/vulnerability-database/CVE-2025-65092

Severity Score

Weakness Type (CWE)

Integer Underflow (Wrap or Wraparound)

CWE-191

Out-of-bounds Read

CWE-125

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/espressif/esp-idf.git - v5.3.5;https://github.com/espressif/esp-idf.git - v5.4.4;https://github.com/espressif/esp-idf.git - v5.5.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us