CVE-2025-64342: ESP-IDF Bluetooth Advertising Interruption – Is Your IoT Device at Risk?

Overview

CVE-2025-64342 describes a vulnerability found in Espressif’s ESP-IDF (Espressif Internet of Things Development Framework). This issue can cause Bluetooth advertising to stop unexpectedly when the ESP32 receives a connection request with an invalid Access Address (AA) while in advertising mode. This can lead to a denial-of-service condition and potentially disrupt the intended functionality of the IoT device.

Technical Details

The vulnerability occurs when the ESP32, running ESP-IDF, is in Bluetooth advertising mode. If it receives a connection request containing an invalid Access Address (AA) of either 0x00000000 or 0xFFFFFFFF, the advertising process may terminate prematurely. The underlying issue causes the controller to incorrectly report a connection event to the host. Consequently, the application layer might falsely assume a successful connection has been established, leading to unpredictable application behavior.

CVSS Analysis

According to the information available, a CVSS score has not yet been assigned to this vulnerability (N/A). The severity is also listed as N/A. However, the potential for denial-of-service in IoT devices suggests that this vulnerability should be addressed promptly.

Possible Impact

The impact of CVE-2025-64342 primarily centers around potential denial-of-service (DoS) scenarios. Specifically:

  • Advertising Disruption: The most direct impact is the interruption of Bluetooth advertising, preventing other devices from discovering and connecting to the affected ESP32 device.
  • Connection Errors: The false reporting of a successful connection can cause application-level errors and lead to unexpected behavior, potentially disrupting critical functionality.
  • Device Unavailability: In scenarios where Bluetooth connectivity is essential for the device’s operation, the vulnerability can render the device unavailable.

Mitigation and Patch Steps

Espressif has addressed this vulnerability in the following ESP-IDF versions:

  • 5.5.2 (Fixed in commit 3b95b50)
  • 5.4.3
  • 5.3.5 (Fixed in commit e3d7042)
  • 5.2.6
  • 5.1.7 (Fixed in commit 75967b5)

Users of affected ESP-IDF versions are strongly advised to upgrade to one of the patched versions to mitigate this vulnerability. If upgrading is not immediately feasible, consider implementing workarounds such as validating the Access Address in connection requests at the application layer.
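As an added illustration of the application-layer Access Address validation suggested above (example code, not ESP-IDF's own implementation), the checks below encode the Access Address rules from the Bluetooth Core Specification, Vol 6, Part B, Section 2.1.2. Both values named in the advisory, 0x00000000 and 0xFFFFFFFF, fail the "no more than six consecutive identical bits" rule, so a host that sees such an AA in a reported connection has a concrete reason to distrust the event. `accept_connection` is a hypothetical host-side hook assumed to receive the AA of the connection the controller reports; the sample values in `main` are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not ESP-IDF code: sanity checks for a BLE connection
 * Access Address (AA), following Bluetooth Core Spec Vol 6, Part B, 2.1.2. */

#define BLE_ADV_ACCESS_ADDRESS 0x8E89BED6u  /* fixed AA of advertising PDUs */

typedef enum {
    AA_OK = 0,
    AA_ERR_ADV_ADDRESS,          /* equals the advertising channel AA */
    AA_ERR_NEAR_ADV_ADDRESS,     /* differs from the advertising AA in one bit */
    AA_ERR_LONG_RUN,             /* more than six consecutive 0s or 1s */
    AA_ERR_OCTETS_EQUAL,         /* all four octets identical */
    AA_ERR_TOO_MANY_TRANSITIONS, /* more than 24 bit transitions */
    AA_ERR_FEW_MSB_TRANSITIONS   /* fewer than 2 transitions in the top 6 bits */
} aa_status_t;

static unsigned popcount32(uint32_t v) {
    unsigned n = 0;
    while (v) { v &= v - 1; n++; }
    return n;
}

/* Length of the longest run of identical adjacent bits in a 32-bit value. */
static unsigned longest_run(uint32_t v) {
    unsigned best = 1, cur = 1;
    for (int i = 1; i < 32; i++) {
        if (((v >> i) & 1u) == ((v >> (i - 1)) & 1u)) {
            cur++;
            if (cur > best) best = cur;
        } else {
            cur = 1;
        }
    }
    return best;
}

/* Returns AA_OK when the address satisfies the spec rules, else the first
 * rule it violates. */
aa_status_t ble_check_access_address(uint32_t aa) {
    if (aa == BLE_ADV_ACCESS_ADDRESS) return AA_ERR_ADV_ADDRESS;
    if (popcount32(aa ^ BLE_ADV_ACCESS_ADDRESS) == 1) return AA_ERR_NEAR_ADV_ADDRESS;
    if (longest_run(aa) > 6) return AA_ERR_LONG_RUN;
    /* replicate the low octet into all four positions and compare */
    if ((aa & 0xFFu) * 0x01010101u == aa) return AA_ERR_OCTETS_EQUAL;
    /* transitions between adjacent bits: XOR with a shifted copy, 31 pairs */
    if (popcount32((aa ^ (aa >> 1)) & 0x7FFFFFFFu) > 24) return AA_ERR_TOO_MANY_TRANSITIONS;
    uint32_t top6 = aa >> 26;
    if (popcount32((top6 ^ (top6 >> 1)) & 0x1Fu) < 2) return AA_ERR_FEW_MSB_TRANSITIONS;
    return AA_OK;
}

/* Hypothetical host-side hook (assumption: the application can obtain the AA
 * of the connection the controller reported). Trusts the connection only if
 * the AA passes the checks above. */
bool accept_connection(uint32_t aa) {
    aa_status_t st = ble_check_access_address(aa);
    if (st != AA_OK) {
        printf("rejecting connection: AA 0x%08X invalid (code %d)\n", (unsigned)aa, (int)st);
        return false;
    }
    return true;
}

int main(void) {
    /* constructed sample values: the two from the advisory, the advertising
     * AA, and one well-formed address */
    const uint32_t samples[] = { 0x00000000u, 0xFFFFFFFFu, 0x8E89BED6u, 0x12345678u };
    for (int i = 0; i < 4; i++) {
        printf("0x%08X -> %s\n", (unsigned)samples[i],
               accept_connection(samples[i]) ? "accept" : "reject");
    }
    return 0;
}
```

The checks are ordered so that the cheapest comparisons run first; a rejected AA is reported with the rule it broke, which is also a useful line to log when investigating unexpected advertising stops in the field.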

Cybersecurity specialist and founder of Gowri Shankar Infosec, a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
