Home/CVE/ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been ide
CVE

CVE-2025-52471

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been ide

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficient validation of user-supplied data length in the packet receive function.

Under certain conditions, this may lead to out-of-bounds memory access and may allow arbitrary memory write operations. On systems without a memory protection scheme, this behavior could potentially be used to achieve remote code execution (RCE) on the target device. In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations.

For ESP-IDF v5.3 and earlier, a workaround can be applied by validating that the data_len parameter received in the RX callback (registered via esp_now_register_recv_cb()) is a positive value before further processing. For ESP-IDF v5.4 and later, no application-level workaround is available. Users are advised to upgrade to a patched version of ESP-IDF to take advantage of the built-in mitigation.

CRITICAL · CVSS 9.8 EPSS 0.0171
Schedule remediation
  • SSVC automatable: yes - attacks can be scripted at scale
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Weakness Classification

CWE-191Integer Underflow (Wrap or Wraparound)

Affected Products & Versions

1
espressif esp-idfall versions

Scoring & Timeline

9.8
CRITICAL · CVSS v3.1 · security-advisories@github.com
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD24 Jun 2025 · 08:15 PM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC triage · cisa-vulnrichment
Exploitation
none
Automatable
yes
Technical impact
total
SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.
🔗

References & Sources

7
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409Patch
https://github.com/espressif/esp-idf/commit/c5fc81917805f99e687c81cc56b68dc5df7ef8b5Patch
https://github.com/espressif/esp-idf/commit/d4dafbdc3572387cd4f9a62b776580bc4ac3bde7Patch
https://github.com/espressif/esp-idf/commit/d6ec5a52255b17c1d6ef379e89f9de2c379042f8Patch
https://github.com/espressif/esp-idf/commit/df7757d8279871fa7a2f42ef3962c6c1ec88b8a2Patch
https://github.com/espressif/esp-idf/commit/edc227c5eaeced999b5212943a9434379f8aad80Patch
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin