Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2026-25508
Good to know:
Date: February 4, 2026
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote BLE client while the device is in provisioning mode. The transport accumulated prepared-write fragments in a fixed-size buffer but incorrectly tracked the cumulative length. By sending repeated prepare write requests with overlapping offsets, a remote client could cause the reported length to exceed the allocated buffer size. This inflated length was then passed to provisioning handlers during execute-write processing, resulting in an out-of-bounds read and potential memory corruption. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
Out-of-bounds Read
CWE-125Top Fix
Upgrade Version
Upgrade to version https://github.com/espressif/esp-idf.git - v5.1.7;https://github.com/espressif/esp-idf.git - v5.2.7;https://github.com/espressif/esp-idf.git - v5.3.5;https://github.com/espressif/esp-idf.git - v5.4.4;https://github.com/espressif/esp-idf.git - v5.5.2
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | ADJACENT_NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | HIGH |