{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-27840","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-05-12T15:33:14.134Z","dateReserved":"2025-03-08T00:00:00.000Z","datePublished":"2025-03-08T00:00:00.000Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"ESP32","vendor":"Espressif","versions":[{"status":"affected","version":"2025-03-06","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory)."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-912","description":"CWE-912 Hidden Functionality","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-03-11T17:03:29.921Z"},"references":[{"url":"https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf"},{"url":"https://x.com/pascal_gujer/status/1898442439704158276"},{"url":"https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/"},{"url":"https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/"},{"url":"https://reg.rootedcon.com/cfp/schedule/talk/5"},{"url":"https://flyingpenguin.com/?p=67838"},{"url":"https://github.com/em0gi/CVE-2025-27840"},{"url":"https://github.com/orgs/espruino/discussions/7699"},{"url":"https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/"},{"url":"https://darkmentor.com/blog/esp32_non-backdoor/"},{"url":"https://news.ycombinator.com/item?id=43308740"},{"url":"https://news.ycombinator.com/item?id=43301369"},{"url":"https://github.com/esphome/esphome/discussions/8382"},{"url":"https://cheriot.org/auditing/backdoor/2025/03/09/no-esp32-style-backdoor.html"},{"url":"https://www.espressif.com/en/news/Response_ESP32_Bluetooth"}],"x_generator":{"engine":"enrichogram 0.0.1"},"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-10T15:04:13.290734Z","id":"CVE-2025-27840","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-12T15:33:14.134Z"}}]},"dataVersion":"5.1"}