Vulnerabilities > CVE-2025-27840 - Unspecified vulnerability in Espressif Esp32 Firmware
Attack vector
PHYSICAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE low complexity
espressif
Summary
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 1 |
References
- https://cheriot.org/auditing/backdoor/2025/03/09/no-esp32-style-backdoor.html
- https://darkmentor.com/blog/esp32_non-backdoor/
- https://flyingpenguin.com/?p=67838
- https://github.com/em0gi/CVE-2025-27840
- https://github.com/esphome/esphome/discussions/8382
- https://github.com/orgs/espruino/discussions/7699
- https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf
- https://news.ycombinator.com/item?id=43301369
- https://news.ycombinator.com/item?id=43308740
- https://reg.rootedcon.com/cfp/schedule/talk/5
- https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
- https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
- https://www.espressif.com/en/news/Response_ESP32_Bluetooth
- https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
- https://x.com/pascal_gujer/status/1898442439704158276