CVE-2025-55297 – Espressif ESP-IDF BluFi Wi-Fi Credential Handling and Diffie-Hellman Key Exchange Memory Overflow Vulnerability

The following table lists the changes that have been made to the
CVE-2025-55297 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

New CVE Received
by [email protected]

Aug. 21, 2025

Action	Type	New Value
Added	Description	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hellman key exchange. This vulnerability is fixed in 5.4.1, 5.3.3, 5.1.6, and 5.0.9.
Added	CVSS V4.0	AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added	CWE	CWE-120
Added	CWE	CWE-131
Added	Reference	https://github.com/espressif/esp-idf/commit/12b7a9e6d78012ab9184b7ccdb5524364bf7e345
Added	Reference	https://github.com/espressif/esp-idf/commit/3fc6c93936077cb1659e1f0e0268e62cf6423e9d
Added	Reference	https://github.com/espressif/esp-idf/commit/5f93ec3b11b6115475c34de57093b3672d594e8f
Added	Reference	https://github.com/espressif/esp-idf/commit/9cb7206d4ae8fd8f4296cd57d6c78a1656f42efa
Added	Reference	https://github.com/espressif/esp-idf/commit/abc18e93eb3500dbec74c3e589671ef82c8b3919
Added	Reference	https://github.com/espressif/esp-idf/commit/b1657d9dd4d0e48ed25e02cb8fe8413f479a2a84
Added	Reference	https://github.com/espressif/esp-idf/commit/bf50c0c197af30990026c8f8286298d2aa5a3c99
Added	Reference	https://github.com/espressif/esp-idf/commit/cb6929a2e6f2ff130b742332dc15eb23006c7cc9
Added	Reference	https://github.com/espressif/esp-idf/commit/cc00e9f2fc4f7e8fbaff27851b4a8b45fa483501
Added	Reference	https://github.com/espressif/esp-idf/commit/e65cf7ea2a2be52219ec9d4efc44aed5e490e91c
Added	Reference	https://github.com/espressif/esp-idf/commit/f40aa9c587a8e570dfde2e6330382dcd170d5a5d
Added	Reference	https://github.com/espressif/esp-idf/commit/f77da0d5b5382635c99e6708551b73802ad1213d
Added	Reference	https://github.com/espressif/esp-idf/security/advisories/GHSA-9w88-r2vm-qfc4

Share the Post:

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE ID : CVE-2025-10304 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The Everest Backup –

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

CVE ID : CVE-2025-12585 Published : Dec. 3, 2025, 3:27 a.m. | 26 minutes ago Description : The MxChat – AI

Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN

Company Registration Number: 5334133
Company VAT Number: 855 7246 95

CVE-2025-55297 – Espressif ESP-IDF BluFi Wi-Fi Credential Handling and Diffie-Hellman Key Exchange Memory Overflow Vulnerability

New CVE Received
by [email protected]

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

CVE-2025-55297 – Espressif ESP-IDF BluFi Wi-Fi Credential Handling and Diffie-Hellman Key Exchange Memory Overflow Vulnerability

New CVE Received by [email protected]

Related Posts

CVE-2025-10304 – Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.3.8 – Missing Authorization to Unauthenticated Backup Failure

CVE-2025-12585 – MxChat – AI Chatbot for WordPress <= 2.5.5 – Unauthenticated Information Exposure

Useful Links

Other Links

New CVE Received
by [email protected]