CVE-2025-27840: Are our devices at risk? #5278

Open
mehdi-song opened this issue Mar 10, 2025 · 1 comment

mehdi-song commented Mar 10, 2025

Hi,
https://nvd.nist.gov/vuln/detail/CVE-2025-27840 describes the existence of undocumented commands on the ESP32 that potentially act as backdoors. There's an article here:
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/

Member

TD-er commented Mar 10, 2025

Nope, it is completely blown out of context by calling it a 'backdoor'.

See also this Reddit post, which does explain it quite well:

Image
Screenshot from this explainer on YouTube: https://www.youtube.com/watch?v=ndM369oJ0tk&ab_channel=LowLevel

See also here: https://www.esp32.com/viewtopic.php?t=44776
Especially the post made by ESP_Sprite. (He is someone who really knows what he's talking about. I have known his hacking work for ages, since before he started working at Espressif.)

And the official reply from Espressif:
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
