AI description
CVE-2025-27840 is a vulnerability found in Espressif ESP32 chips. These chips permit 29 undocumented HCI commands, including a command (0xFC02) that allows writing to memory. This vulnerability was first publicly disclosed on March 8, 2025. Additional information regarding this vulnerability can be found on sites such as the National Vulnerability Database (NVD) and GitHub's Advisory Database.
- Description: Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.8
- Impact score: 5.8
- Exploitability score: 0.5
- Vector string: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
- Severity: MEDIUM
- cve@mitre.org: CWE-912
- nvd@nist.gov: NVD-CWE-Other
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 75
🚨ICYMI: A critical vulnerability (CVE-2025-27840) in the ESP32 chip, used in various well-known #Bitcoin hardware wallets, has been identified. This flaw enables attackers to manipulate ECDSA signatures and perform unauthorized transactions, according to Crypto Deep Tech. http
@stg_george
17 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW: Security researchers discover critical vulnerability (CVE-2025-27840) in ESP32 chip, used in several renowned bitcoin hardware wallets. This vulnerability allows attackers to forge ECDSA signatures and make unauthorized transactions, according to Crypto Deep Tech. https://t
@BitcoinNewsCom
17 Apr 2025
22608 Impressions
30 Retweets
83 Likes
37 Bookmarks
21 Replies
7 Quotes
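🚨 Serious vulnerability (CVE-2025-27840) disclosed in the ESP32 chip, affecting billions of IoT devices ⚠️ 🔓 Attackers can forge cryptographic signatures and steal private keys 🔁 Caused by a weak pseudo-random number generator plus a private key validation flaw 💥 Some hardware wallets are affected; beware of private key risk! https://t.co/QMXlyZT8wg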
@qq6226201
17 Apr 2025
320 Impressions
1 Retweet
6 Likes
0 Bookmarks
1 Reply
0 Quotes
Mitigating the Unseen: How PEG Neutralizes Hardware-Level Cryptographic Threats A recent vulnerability (CVE-2025-27840) affecting the popular ESP32 microcontroller highlights a growing challenge in cryptographic infrastructure: hardware trust assumptions. Used in millions of IoT
@GTEIfastestever
16 Apr 2025
64 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerability found in ESP32 chips used in affordable Bitcoin hardware wallets! 😱 CVE-2025-27840 reveals low entropy in the random number generator, risking weak private keys. 🔑 Hackers could exploit this via malicious firmware or brute-force attacks, https://t.co/3
@Ahmedot2Osman
16 Apr 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 BREAKING: CRITICAL VULNERABILITY (CVE-2025-27840) IN ESP32 CHIP — A WIDELY USED MICROCONTROLLER — EXPOSES HARDWARE WALLETS TO PRIVATE KEY THEFT https://t.co/vjbtmIJjov
@coinwaft
16 Apr 2025
99 Impressions
2 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ According to Protos, a critical security vulnerability (CVE-2025-27840) that could lead to Bitcoin theft has been identified in the ESP32 chip, which is widely used in #Bitcoin hardware wallets. This vulnerability stems from insufficient entropy in the chip's random number generator and http
@KoinSaati
16 Apr 2025
986 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 BREAKING: ESP32 Chip Flaw Exposes Bitcoin Hardware Wallets to Theft 🚨 Critical vulnerability CVE-2025-27840 in widely used ESP32 microcontrollers threatens crypto security. Here’s why hardware wallets are at risk: 🔴 Key Risks: Private Key Theft: Weak PRNG &
@bytecoderman
16 Apr 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
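🚨 CVE-2025-27840 isn't something you can sum up as simply "don't generate mnemonics with an ESP32~"; it looks like a complex issue. A one-line summary of the vulnerability is as follows: Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). In other words, theoretically, if an ESP32-type device is connected to a network,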
@nestedSegwit
16 Apr 2025
11136 Impressions
18 Retweets
97 Likes
16 Bookmarks
9 Replies
2 Quotes
😱 Just saw Protos's report: the ESP32 chip used in Bitcoin hardware wallets such as Blockstream Jade has a serious vulnerability (CVE-2025-27840)
@Aarohip63148203
16 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
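Cybersecurity research firm Crypto Deep Tech says a serious vulnerability (CVE-2025-27840) has been found in Bitcoin wallets that use the ESP32 chip, including Blockstream's Jade wallet; the vulnerability could lead to private key theft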
@jun_00100
16 Apr 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
According to Protos, the ESP32 chip, widely used in Bitcoin hardware wallets (such as Blockstream Jade), has been found to have a critical vulnerability (CVE-2025-27840) that could lead to Bitcoin theft. This vulnerability stems from insufficient entropy in the chip's random
@WuBlockchain
16 Apr 2025
101822 Impressions
23 Retweets
81 Likes
29 Bookmarks
15 Replies
21 Quotes
According to Protos, the ESP32 chip, widely used in hardware wallets for Bitcoin (such as Blockstream Jade), has been found to be affected by a critical vulnerability (CVE-2025-27840) that could lead to Bitcoin theft. This vulnerability arises from insufficient entropy in the generator…
@WuBlockchainRU
16 Apr 2025
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Breaking: The ESP32 chip, used in many Bitcoin hardware wallets (such as Blockstream Jade), has just been revealed to have a serious security vulnerability (CVE-2025-27840) that could lead to loss of Bitcoin! Hackers could exploit it to brute-force key pairs or sign unauthorized transactions. 🚨
@lucci_agent
16 Apr 2025
67 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide A vulnerability tied to the ESP32 chip exposes Bitcoin wallets to potential breaches, putting global crypto assets at risk. https://t.co/8EYcEc2HxD #Cybersecurity #CryptoSecurity
@adriananglin
14 Apr 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-27840: How a Tiny ESP32 Chip Could Crack Open Bitcoin Wallets Worldwide https://t.co/dFP1t5m25J
@Dinosn
14 Apr 2025
3020 Impressions
8 Retweets
41 Likes
14 Bookmarks
3 Replies
1 Quote
#exploit 1. CVE-2024-55963: Unauth RCE in Default-Install of Appsmith https://t.co/19DZTAmc23 2. CVE-2025-26909: LFI to RCE in WP Ghost Plugin https://t.co/hjBJcDtF4a 3. CVE-2025-27840: Vulnerability in ESP32 Microcontrollers https://t.co/i9iGGZfYTc
@ksg93rd
31 Mar 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Bitcoin Cryptanalysis: CVE-2025-27840 Vulnerability in ESP32 Microcontrollers Puts Billions of IoT Devices at Risk via Wi-Fi & Bluetooth Source: https://t.co/CErJR2mjYG IPFS: https://t.co/VHkHhoh5f9 #rrcnews_en #03_30_25_en
@BitcoinWidget
30 Mar 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Security researchers have identified 29 undocumented commands in the ESP32 microchip, a widely used Bluetooth and Wi-Fi-enabled microcontroller from Espressif. These hidden commands, now tracked as CVE-2025-27840, could be exploited for unauthorized memory access. #avmconsulting
@AvmConsulting
12 Mar 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 ESP32 Bluetooth security flaw discovered! 🔹 29 undocumented commands found in firmware 🔹 Enables device spoofing, memory access, & malware persistence 🔹 Tracked as CVE-2025-27840 IoT security at risk! #Deepweb Breaking news from the world & Darkweb: https://t.co/ZF7
@godeepweb
11 Mar 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices https://t.co/muVpAl4V8U Following the disclosure of an authorization bypass vulnerability in the Motorola Mobility Droid Razr HD (Model XT926), another maj…
@f1tym1
11 Mar 2025
14 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Memory Safety Bugs in Linux Kernel 📅 Timeline: Disclosure: 2025-03-08, Patch: No confirmation available from Espressif 🆔cveId: CVE-2025-27840 📊baseScore: 6.8 📏cvssMetrics: AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L cvssSeverity: High 🟠 📈 EPSS Score:… h
@syedaquib77
11 Mar 2025
50 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Backdoor in Bluetooth-Chip 📅 Timeline: Disclosure: 2025-03-08, Patch: Not yet available 📌 Attribution: 🆔cveId: CVE-2025-27840 📊baseScore: 6.8 📏cvssMetrics: AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L cvssSeverity: Medium 🟡 📈 EPSS Score: 15.72%… https:
@syedaquib77
10 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2025-21333 3 - CVE-2025-27607 4 - CVE-2025-0337 5 - CVE-2025-27840 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840: Espressif Chip's Backdoor Threatens Global Networks Spanish researchers have uncovered 29 undocumented commands within the ESP32 microchip, manufactured by the Chinese company Espressif, which could be exploited for cyberattacks. https://t.co/RYfCZinsXn
@the_yellow_fall
10 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING NEWS The ESP32 microchip, used in over a billion devices, contains undocumented commands that could be exploited for attacks. The issue, tracked as CVE-2025-27840. https://t.co/gfv0VoBJ1A
@folksecure
10 Mar 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
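An explainer article on the ESP32 vulnerability CVE-2025-27840, which was claimed to be a "backdoor." It is more a hidden feature than a backdoor. Using it as a backdoor presupposes prior compromise and obtaining root. There is nothing novel about physically manipulating firmware through a debug interface. https://t.co/uFVnrIk8Zb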
@__kokumoto
10 Mar 2025
4398 Impressions
22 Retweets
65 Likes
20 Bookmarks
0 Replies
2 Quotes
Regarding the ESP32 CVE-2025-27840: it looks like there is no data in vulnrichment yet. https://t.co/k3EKIsPWoS
@hogehuga
10 Mar 2025
222 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
“The issue is now tracked under CVE-2025-27840.” …are you fucking kidding me?
@xadh
9 Mar 2025
156 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Hmm. CVE-2025-27840 Undocumented commands found in Bluetooth chip used by a billion devices https://t.co/C2RSqFI5Fd
@elcerny
9 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Undocumented commands found in Bluetooth chip used by a billion ESP32 devices allowing spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence, CVE-2025-27840. https://t.co/mMyid6RzpJ #iot
@marksowell
9 Mar 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ESP32 “Backdoor” Claims? How CVE-2025-27840 Analysis Shows No Backdoor https://t.co/kmaj8mCCEb
@GOROman
9 Mar 2025
1579 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
1 Quote
We were asked if @Ledger devices are vulnerable to CVE-2025-27840 (recently found backdoor in ESP32 bluetooth chips). Our initial analysis shows that it is unlikely these devices are vulnerable as all publicly available information shows Ledger use STM32 chips. Another… https
@DLTA_Sec
9 Mar 2025
109 Impressions
0 Retweets
3 Likes
0 Bookmarks
1 Reply
0 Quotes
We were asked if @Ledger devices are vulnerable to CVE-2025-27840 (recently found backdoor in ESP32 bluetooth chips). Our initial analysis shows that it is unlikely these devices are vulnerable as all publicly available information shows Ledger use STM32 chips. Another… https
@DLTA_Sec
9 Mar 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NIST: National Vulnerability Database CVE-2025-27840 Detail https://t.co/pYfMvvkfee
@GOROman
9 Mar 2025
2008 Impressions
1 Retweet
1 Like
1 Bookmark
1 Reply
0 Quotes
Backdoor in ESP32 https://t.co/tHaWXvWjcI https://t.co/2SKNFJbZBK Reportedly 29 undocumented commands. It is listed as CVE-2025-27840.
@EmbeddedKiddie
9 Mar 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1 billion devices at risk. A backdoor in the ESP32 Bluetooth chip has been discovered, exposing IoT devices to potential impersonation, data theft, and long-term control. CVE-2025-27840 highlights the need for better security audits. #cybersecurity #iot #esp32 #infosec https:/
@paramdhagia
9 Mar 2025
856 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Undocumented Backdoor in ESP32 Bluetooth Chip 📌 Attribution: Discovered by Tarlogic Security researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco 🆔 cveId: CVE-2025-27840 📊 baseScore: 6.8 📏 cvssMetrics:… https://t.co/N5wvrBIPN4
@syedaquib77
9 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The ESP32 one is CVE-2025-27840, I guess.
@ikumimashiba
9 Mar 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27840 Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). https://t.co/SnG86luqdf
@CVEnew
8 Mar 2025
895 Impressions
2 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:espressif:esp32_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C81AEA93-C163-4E5C-A25D-D2903742C9EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D1024B06-380B-4116-B7F9-A21A03534B0C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]