CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53540 – CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-53540
07 Jul 2025 — arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploads without CSRF protection. This allows an attacker to upload and execute arbitrary firmware, resulting in remote code execution (RCE). This vulnerability is fixed in 3.2.1. • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-53007 – arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
https://notcve.org/view.php?id=CVE-2025-53007
26 Jun 2025 — arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain a HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoing HTTP response headers. There is no validation or sanitization of the `name` or `value` parameters before they are included in the HTTP response. If an attacker can control the input to `sendHeader` (either dire... • https://github.com/espressif/arduino-esp32/security/advisories/GHSA-5476-9jjq-563m • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 6.5EPSS: 3%CPEs: 6EXPL: 2CVE-2019-12586
https://notcve.org/view.php?id=CVE-2019-12586
04 Sep 2019 — The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. La implementación de peer EAP en Espressif ESP-IDF versiones 2.0.0 hasta 4.0.0 y ESP8266_NONOS_SDK versiones 2.2.0 hasta 3.1.0, procesa los mensajes EAP Success antes de cualquier completación o fallo del método EAP, lo que per... • https://github.com/Matheus-Garbelini/esp32_esp8266_attacks •