AI description
CVE-2025-27840 is a vulnerability found in Espressif ESP32 chips. These chips permit 29 undocumented HCI commands, including a command (0xFC02) that allows writing to memory. This vulnerability was first publicly disclosed on March 8, 2025. Additional information regarding this vulnerability can be found on sites such as the National Vulnerability Database (NVD) and GitHub's Advisory Database.
- Description: Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 6.8
- Impact score: 6
- Exploitability score: 0.3
- Vector string: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
- Severity: MEDIUM
- cve@mitre.org
- CWE-912
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 3
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2025-21333 3 - CVE-2025-27607 4 - CVE-2025-0337 5 - CVE-2025-27840 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840: Espressif Chip's Backdoor Threatens Global Networks Spanish researchers have uncovered 29 undocumented commands within the ESP32 microchip, manufactured by the Chinese company Espressif, which could be exploited for cyberattacks. https://t.co/RYfCZinsXn
@the_yellow_fall
10 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING NEWS The ESP32 microchip, used in over a billion devices, contains undocumented commands that could be exploited for attacks. The issue, tracked as CVE-2025-27840. https://t.co/gfv0VoBJ1A
@folksecure
10 Mar 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
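An explanatory article on CVE-2025-27840, the ESP32 vulnerability that was claimed to be a "backdoor". It is a hidden feature rather than a backdoor. Using it as a backdoor presupposes prior compromise and obtaining root. There is nothing novel about physically manipulating the firmware through the debug interface. https://t.co/uFVnrIk8Zb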
@__kokumoto
10 Mar 2025
2511 Impressions
13 Retweets
44 Likes
13 Bookmarks
0 Replies
1 Quote
As for the ESP32 CVE-2025-27840 matter, it looks like there is no data in vulnrichment yet. https://t.co/k3EKIsPWoS
@hogehuga
10 Mar 2025
189 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“The issue is now tracked under CVE-2025-27840.” …are you fucking kidding me?
@xadh
9 Mar 2025
139 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Hmm. CVE-2025-27840 Undocumented commands found in Bluetooth chip used by a billion devices https://t.co/C2RSqFI5Fd
@elcerny
9 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Undocumented commands found in Bluetooth chip used by a billion ESP32 devices allowing spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence, CVE-2025-27840. https://t.co/mMyid6RzpJ #iot
@marksowell
9 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ESP32 “Backdoor” Claims? How CVE-2025-27840 Analysis Shows No Backdoor https://t.co/kmaj8mCCEb
@GOROman
9 Mar 2025
1545 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
1 Quote
We were asked if @Ledger devices are vulnerable to CVE-2025-27840 (recently found backdoor in ESP32 bluetooth chips). Our initial analysis shows that it is unlikely these devices are vulnerable as all publicly available information shows Ledger use STM32 chips. Another… https
@DLTA_Sec
9 Mar 2025
104 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
We were asked if @Ledger devices are vulnerable to CVE-2025-27840 (recently found backdoor in ESP32 bluetooth chips). Our initial analysis shows that it is unlikely these devices are vulnerable as all publicly available information shows Ledger use STM32 chips. Another… https
@DLTA_Sec
9 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NIST: National Vulnerability Database CVE-2025-27840 Detail https://t.co/pYfMvvkfee
@GOROman
9 Mar 2025
2002 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
Backdoor in ESP32 https://t.co/tHaWXvWjcI https://t.co/2SKNFJbZBK Reportedly 29 undocumented commands. It is listed as CVE-2025-27840.
@EmbeddedKiddie
9 Mar 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1 billion devices at risk. A backdoor in the ESP32 Bluetooth chip has been discovered, exposing IoT devices to potential impersonation, data theft, and long-term control. CVE-2025-27840 highlights the need for better security audits. #cybersecurity #iot #esp32 #infosec https:/
@paramdhagia
9 Mar 2025
856 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Undocumented Backdoor in ESP32 Bluetooth Chip 📌 Attribution: Discovered by Tarlogic Security researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco 🆔 cveId: CVE-2025-27840 📊 baseScore: 6.8 📏 cvssMetrics:… https://t.co/N5wvrBIPN4
@syedaquib77
9 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The ESP32 one is CVE-2025-27840, I guess.
@ikumimashiba
9 Mar 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840 Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). https://t.co/SnG86luqdf
@CVEnew
8 Mar 2025
895 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes