CVE-2025-68473
📋 TL;DR
This vulnerability is an out-of-bounds write in the ESP-IDF Bluetooth host stack that occurs when more than 32 services are discovered during Bluetooth SDP (Service Discovery Protocol). It affects IoT devices built on vulnerable ESP-IDF versions, potentially allowing attackers to execute arbitrary code or crash devices via specially crafted Bluetooth packets.
💻 Affected Systems
- ESP-IDF (Espressif IoT Development Framework)
📦 What is this software?
Esp Idf by Espressif
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or device bricking
Likely Case
Device crash/reboot causing denial of service and potential data corruption
If Mitigated
Limited impact if Bluetooth is disabled or devices are isolated from untrusted Bluetooth sources
🎯 Exploit Status
Exploitation requires Bluetooth proximity and the ability to send malicious SDP responses, but no authentication is needed
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in ESP-IDF releases after the listed vulnerable versions (see the fix commits under References)
Vendor Advisory: https://github.com/espressif/esp-idf/security/advisories
Restart Required: Yes
Instructions:
1. Update ESP-IDF to latest version
2. Recompile and flash firmware to affected devices
3. Verify Bluetooth functionality post-update
🔧 Temporary Workarounds
Disable Bluetooth
Disable Bluetooth functionality if not required
Modify sdkconfig to set CONFIG_BT_ENABLED=n
Limit Bluetooth Discovery
Restrict Bluetooth discovery to trusted devices only
Implement Bluetooth pairing/whitelisting in application code
🧯 If You Can't Patch
- Segment Bluetooth network - isolate vulnerable devices from untrusted Bluetooth sources
- Implement physical security controls to limit Bluetooth proximity access
🔍 How to Verify
Check if Vulnerable:
Check the ESP-IDF version in the firmware or build configuration. Vulnerable if the version is at or below the last affected patch release of its branch: 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 or earlier
Check Version:
grep 'ESP-IDF' version.txt or check sdkconfig version settings
Verify Fix Applied:
Verify ESP-IDF version is updated beyond vulnerable versions and check for presence of fix commits in the codebase
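The version check above can be scripted so it is applied consistently across a fleet of builds. The following is an added example written for this page, not Espressif tooling: it classifies a version string (as printed by the build system or found in a `version.txt`) or the text of ESP-IDF's `esp_idf_version.h` header (whose `ESP_IDF_VERSION_MAJOR`/`MINOR`/`PATCH` macros are real) against the branches and patch levels the advisory lists. The treatment of branches newer than any listed one (5.6, 6.0 and so on) is an assumption, returned as a separate status so a human confirms it against the vendor advisory rather than reading it as a verdict.

```python
"""Classify an ESP-IDF version against the release lines the CVE-2025-68473
advisory lists as affected. Added example, not Espressif's code."""
import re

# Highest affected patch release per branch, from the advisory text:
# 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6 "or earlier".
LAST_AFFECTED = {(5, 5): 1, (5, 4): 3, (5, 3): 4, (5, 2): 6, (5, 1): 6}
OLDEST_LISTED_BRANCH = min(LAST_AFFECTED)  # (5, 1); older branches are "earlier"

# Matches 'v5.4.2', '5.4.2-dirty', 'ESP-IDF v5.3.1', 'v5.4-dev-1234-gabcdef'.
_VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)(?:\.(\d+))?")

# Macro names as defined in ESP-IDF's esp_idf_version.h.
_HEADER_RE = re.compile(r"#define\s+ESP_IDF_VERSION_(MAJOR|MINOR|PATCH)\s+(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a version string.

    A missing patch number (e.g. 'v5.4-dev-...') is treated as 0, which is
    conservative: a -dev build precedes the x.y.0 release. Suffixes such as
    '-45-gabcdef' (commits on top of a tag) are ignored; such a build may or
    may not contain the fix commits, so it is classified as the tagged release.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no version number found in %r" % text)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def version_from_header(header_text):
    """Extract (major, minor, patch) from the text of esp_idf_version.h."""
    found = {name: int(value) for name, value in _HEADER_RE.findall(header_text)}
    try:
        return found["MAJOR"], found["MINOR"], found["PATCH"]
    except KeyError as exc:
        raise ValueError("ESP_IDF_VERSION_%s not found in header" % exc.args[0])


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unlisted' for a (major, minor, patch) tuple.

    'unlisted' (an assumption, not an advisory statement) covers branches newer
    than any the advisory names, e.g. 5.6 or 6.0: the advisory says fixes landed
    in releases after the listed ones but names no such branch, so confirm
    against the vendor advisory instead of treating it as safe.
    """
    major, minor, patch = version
    branch = (major, minor)
    if branch in LAST_AFFECTED:
        return "vulnerable" if patch <= LAST_AFFECTED[branch] else "fixed"
    if branch < OLDEST_LISTED_BRANCH:
        return "vulnerable"  # "5.1.6 or earlier" covers 5.0.x and 4.x
    return "unlisted"


def check(text):
    """Version string or esp_idf_version.h text -> status."""
    try:
        version = version_from_header(text)
    except ValueError:
        version = parse_version(text)
    return classify(version)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real device or build.
    SAMPLE_HEADER = """
#define ESP_IDF_VERSION_MAJOR   5
#define ESP_IDF_VERSION_MINOR   4
#define ESP_IDF_VERSION_PATCH   3
"""
    for sample in ("ESP-IDF v5.5.1", "v5.5.2", "v5.3.4-dirty", "v5.0.7",
                   "v5.4-dev-1234-gabcdef", "v5.6.0", SAMPLE_HEADER):
        print(repr(sample.strip()[:30]), "->", check(sample))
```

Feed it the output of the build's version print or the contents of `components/esp_common/include/esp_idf_version.h` from the SDK that produced the firmware; a `-dev` or `-N-gHASH` build is classified by its base tag, so for those also confirm that the fix commits listed under References are present in the tree.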
📡 Detection & Monitoring
Log Indicators:
- Bluetooth stack crashes
- SDP protocol errors
- Memory corruption warnings
Network Indicators:
- Unusual Bluetooth SDP traffic patterns
- Multiple service advertisements from single device
SIEM Query:
bluetooth AND (crash OR reboot OR sdp) FROM iot_device
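The log indicators above can be turned into a concrete triage pass over a device's serial console output. The following is an added example for this page, not part of ESP-IDF: it parses ESP-IDF's `LEVEL (uptime_ms) TAG: message` console format (stripping the ANSI colour codes the framework emits by default), counts SDP-tagged errors and warnings, other Bluetooth-stack errors, heap-check failures and panic banners, and returns a verdict. The sample log is constructed, and the exact tag names (`BT_SDP`, `BT_HCI`) and indicator strings are assumptions to be adjusted to the firmware's real output; only the `Guru Meditation Error` panic banner and the `CORRUPT HEAP` heap-check message are forms ESP-IDF itself prints.

```python
"""Triage ESP-IDF console logs for the indicators the advisory lists: Bluetooth
stack crashes, SDP protocol errors and memory-corruption warnings.
Added example; the sample lines are constructed, not captured from a device."""
import re
from collections import Counter

# ESP-IDF console lines look like "E (12345) TAG: message"
# (level letter, uptime in ms, tag, message), often wrapped in ANSI colours.
_ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")
_LOG_RE = re.compile(r"^([EWIDV]) \((\d+)\) ([^:]+): (.*)$")

# Indicator patterns. The panic banner and heap-check message are what ESP-IDF
# prints; treating a "BT_" tag prefix and "SDP" in a tag as Bluetooth/SDP
# activity is an assumption about the firmware's log tags.
CRASH_RE = re.compile(r"Guru Meditation Error|abort\(\) was called|panic'ed")
HEAP_RE = re.compile(r"CORRUPT HEAP")


def parse_line(line):
    """Return {'level','uptime_ms','tag','msg'} for a structured log line, else None."""
    m = _LOG_RE.match(_ANSI_RE.sub("", line).strip())
    if not m:
        return None
    level, uptime, tag, msg = m.groups()
    return {"level": level, "uptime_ms": int(uptime), "tag": tag, "msg": msg}


def triage(lines):
    """Count indicator hits over an iterable of log lines.

    Returns (Counter, evidence): the Counter has keys 'crash', 'heap_corruption',
    'sdp_error' (E/W lines from an SDP tag) and 'bt_error' (other E lines from a
    BT_* tag); evidence is the list of matched lines in order.
    """
    hits = Counter()
    evidence = []
    for raw in lines:
        line = _ANSI_RE.sub("", raw.rstrip("\n"))
        if CRASH_RE.search(line):        # panic banner has no level prefix
            hits["crash"] += 1
            evidence.append(line)
            continue
        if HEAP_RE.search(line):         # heap poisoning/integrity check output
            hits["heap_corruption"] += 1
            evidence.append(line)
            continue
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["level"] in ("E", "W") and "SDP" in rec["tag"].upper():
            hits["sdp_error"] += 1
            evidence.append(line)
        elif rec["level"] == "E" and rec["tag"].startswith("BT_"):
            hits["bt_error"] += 1
            evidence.append(line)
    return hits, evidence


def verdict(hits):
    """Map indicator counts to a triage label."""
    if hits["crash"] or hits["heap_corruption"]:
        return "investigate: crash or heap corruption"
    if hits["sdp_error"]:
        return "suspicious: SDP errors without a crash"
    if hits["bt_error"]:
        return "review: Bluetooth stack errors"
    return "no indicators"


# Constructed sample log: shape follows ESP-IDF's format, content is made up.
SAMPLE_LOG = """\
I (1203) BT_INIT: BT controller compile version [constructed]
I (2410) BT_SDP: service search started
\x1b[0;31mE (2533) BT_SDP: malformed attribute response\x1b[0m
W (2540) BT_SDP: discarding attribute response
E (2600) BT_HCI: command timeout
CORRUPT HEAP: Bad head at 0x3ffb1234. Expected 0xabba1234 got 0x00000000
Guru Meditation Error: Core  0 panic'ed (LoadProhibited). Exception was unhandled.
"""

if __name__ == "__main__":
    hits, evidence = triage(SAMPLE_LOG.splitlines())
    print(dict(hits), "->", verdict(hits))
    for line in evidence:
        print("  ", line)
```

Run it over a captured console log (for example from `idf.py monitor` output saved to a file) rather than a live stream, and pair its verdict with the reboot-reason the device prints after a panic; a crash following a burst of SDP errors is the pattern worth escalating.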
🔗 References
- https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d
- https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab
- https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c
- https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1
- https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e
- https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed
- https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6
- https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq