CVERadar

CVE-2025-27840

High Severity
Vendor: Espressif
SVRS: 66/100
CVSSv3: 6.8/10
EPSS: 0.00102/1

CVE-2025-27840: Espressif ESP32 chips are vulnerable due to 29 hidden HCI commands. This flaw allows unauthorized actions, such as writing to memory, potentially leading to system compromise. The vulnerability stems from inadequate access controls on these hidden commands.

With an SVRS of 66, CVE-2025-27840 indicates a moderate risk requiring attention, even though it is not classified as critical. Attackers could exploit these hidden commands to manipulate device behavior or extract sensitive information. Successfully exploiting this vulnerability can result in a compromise of confidentiality, integrity, and availability of devices using ESP32 chips. Organizations using these chips should investigate and mitigate this risk to protect against potential attacks, especially considering the "In The Wild" tag, which suggests active exploitation.

In The Wild
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
2025-03-08

2025-03-12

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

17th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 17th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point Research elaborates about the pro-Palestinian hacktivist group “Dark Storm” which claimed the large-scale DDoS attack against X (formerly Twitter). The attack disrupted access to the platform, causing outages for users […] The post 17th March – Threat Intelligence Report appeared first on Check Point
Source: checkpoint.com

Undocumented ESP32 Commands Pose Security Risks, Researchers Warn
Shruti Jain, 2025-03-15
The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks.
Source: blogger.com

PHP flaw sparks global attack wave. - The CyberWire
2025-03-09
News Content: PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth-enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyberattack. The FBI and Secret Service confirm crypto-heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyberattack. Switzerland updates reporting requirements for critical infrastructure operators. Our guest is Errol Weiss, Chief Security Officer at the
Source: google.com

Your Bluetooth may have a backdoor
Editorial staff, 2025-03-09
Spanish researchers attending the international RootedCon conference identified 29 hidden commands in the Bluetooth HCI communication of ESP32 chips, from the Chinese company Espressif, creating a risk of memory manipulation and full control of the device (vulnerability CVE-2025-27840, CVSS 6.8, medium risk). Despite the medium CVSS, the flaw allows MAC address spoofing and unauthorized access […] Source
Source: cisoadvisor.com.br

CVE-2025-27840 | Espressif ESP32 2025-03-06 backdoor
vuldb.com, 2025-03-08
A vulnerability was found in Espressif ESP32 2025-03-06. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to backdoor. This vulnerability is known as CVE-2025-27840. It is possible to launch the attack on the physical device. There is no exploit available.
Source: vuldb.com

Social Media

🚨 ESP32 Bluetooth security flaw discovered! 🔹 29 undocumented commands found in firmware 🔹 Enables device spoofing, memory access, & malware persistence 🔹 Tracked as CVE-2025-27840 IoT security at risk! #Deepweb Breaking news from the world & Darkweb: https://t.co/ZF7G3lwjoe https://t.co/23zhN2J3EU
chip, used in over a billion IoT devices, posing security risks like device spoofing and persistent malware. The issue is tracked under CVE-2025-27840. By Bill Toulas via BleepingComputer https://t.co/sSXgdusKL0
Tarlogic detects a hidden feature in the mass-market ESP32 chip that could infect millions of IoT devices https://t.co/fkKNms3jli #CVE-2025-27840 #ESP32 #backdoor #hacking #cybersec #cybersecurity
CVE-2025-27840: Espressif Chip's Backdoor Threatens Global Networks Spanish researchers have uncovered 29 undocumented commands within the ESP32 microchip, manufactured by the Chinese company Espressif, which could be exploited for cyberattacks. https://t.co/RYfCZinsXn
CVE-2025-27840: Espressif Chip’s Backdoor Threatens Global Networks https://t.co/hoWpAb7yBn
BREAKING NEWS The ESP32 microchip, used in over a billion devices, contains undocumented commands that could be exploited for attacks. The issue, tracked as CVE-2025-27840. https://t.co/gfv0VoBJ1A
Hmm. CVE-2025-27840 Undocumented commands found in Bluetooth chip used by a billion devices https://t.co/C2RSqFI5Fd
Undocumented commands found in Bluetooth chip used by a billion ESP32 devices allowing spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence, CVE-2025-27840. https://t.co/mMyid6RzpJ #iot
We were asked if @Ledger devices are vulnerable to CVE-2025-27840 (recently found backdoor in ESP32 Bluetooth chips). Our initial analysis shows that it is unlikely these devices are vulnerable as all publicly available information shows Ledger use STM32 chips. Another
@0000fffba @DLTA_Sec @Ledger Ledger's dual-chip setup with STM32 and a Secure Element likely protects it from the ESP32 Bluetooth backdoor (CVE-2025-27840). The MCU handles Bluetooth but can't access the Secure Element where sensitive data lives. You're probably safe, but always double-check firmware

Affected Software

Configuration 1
Type: OS
Vendor: Espressif
Product: esp32_firmware

References

https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf
https://reg.rootedcon.com/cfp/schedule/talk/5
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
https://x.com/pascal_gujer/status/1898442439704158276
https://flyingpenguin.com/?p=67838
https://cheriot.org/auditing/backdoor/2025/03/09/no-esp32-style-backdoor.html
https://darkmentor.com/blog/esp32_non-backdoor/
https://github.com/em0gi/CVE-2025-27840
https://github.com/esphome/esphome/discussions/8382
https://github.com/orgs/espruino/discussions/7699
https://news.ycombinator.com/item?id=43301369
https://news.ycombinator.com/item?id=43308740

CWE Details

CWE ID: CWE-912
CWE Name: Hidden Functionality
Description: The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators.
