Esp32 Firmware CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-27840	1 Espressif	2 Esp32, Esp32 Firmware	2025-05-12	6.8 Medium
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
CVE-2021-34173	1 Espressif	2 Esp32, Esp32 Firmware	2024-11-21	7.5 High
An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover.

Page 1 of 1.