CVE-2025-68622

6.8 MEDIUM

📋 TL;DR

A stack buffer overflow in the Espressif ESP-IDF USB Host UVC Class Driver (the usb_host_uvc component of esp-usb) lets a malicious USB camera corrupt memory while the driver parses and prints the camera's configuration descriptor. It affects ESP-IDF systems that use USB host functionality with UVC descriptor printing enabled, a non-default setting. A successful attack could crash the device or lead to arbitrary code execution.

💻 Affected Systems

Products:
  • Espressif ESP-IDF USB Host UVC Class Driver
  • Devices using esp-usb UVC host implementation
Versions: All usb_host_uvc component versions prior to 2.4.0 (2.4.0 is the esp-usb component version, not an ESP-IDF release number)
Operating Systems: ESP-IDF based systems
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when UVC configuration-descriptor printing is enabled (not default). Requires USB host functionality with UVC device connection.

📦 What is this software?

esp-usb is Espressif's collection of USB host and device class drivers for ESP-IDF. Its usb_host_uvc component is the USB Video Class host driver: it lets an ESP32-series chip with USB host support enumerate a USB camera, parse its descriptors and receive video frames from it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, device takeover, or persistent backdoor installation.

🟠

Likely Case

System crash, denial of service, or limited memory corruption affecting USB functionality.

🟢

If Mitigated

No impact if UVC configuration-descriptor printing is disabled or patched version is used.

🌐 Internet-Facing: LOW - Requires physical USB device connection, not network accessible.
🏢 Internal Only: MEDIUM - Requires physical access or malicious USB device insertion in internal environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires plugging in a USB device that presents a specially crafted UVC configuration descriptor. No authentication is involved: the driver parses the descriptor as part of bringing up the camera, so no interaction beyond the physical connection is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.0

Vendor Advisory: https://github.com/espressif/esp-usb/security/advisories/GHSA-g65h-9ggq-9827

Restart Required: Yes

Instructions:

1. Update the usb_host_uvc component from esp-usb to 2.4.0 or later. If the IDF component manager pulls it in, raise the version constraint for the dependency in the project's idf_component.yml and re-run the build so the new copy lands under managed_components/; if the component is vendored into the project, replace the vendored copy.
2. Update ESP-IDF if you rely on a version bundled with it.
3. Rebuild and flash the firmware. The fix lives in the firmware image, so updating sources without reflashing changes nothing on the device.
4. Restart affected devices.

🔧 Temporary Workarounds

Disable UVC descriptor printing (applies to all affected versions)

The overflow is only reachable through the configuration-descriptor printing code, so turning that feature off removes the exposed path. Set the following in sdkconfig (or clear the option via menuconfig):

CONFIG_USB_HOST_UVC_PRINT_DESC=n

Confirm the option is actually off in the sdkconfig of the build that gets flashed, then rebuild and reflash; a change made only in a local editor session or never saved from menuconfig leaves printing enabled.

🧯 If You Can't Patch

  • Disable USB host functionality entirely if the product does not need it, or restrict physical access to the USB ports
  • Only connect known cameras. A USB data blocker ("USB condom") stops any device from enumerating, so it only fits ports where UVC is not needed; a VID/PID allowlist is a weak control on its own, since a malicious device can present any identifiers it likes

🔍 How to Verify

Check if Vulnerable:

Locate the copy of the usb_host_uvc component your build actually uses: components/espressif/usb_host_uvc/idf_component.yml if it is vendored into the project (the path used on this page), or managed_components/espressif__usb_host_uvc/idf_component.yml if the IDF component manager fetched it. The component's own idf_component.yml carries its version.

Check Version:

grep '^version:' components/espressif/usb_host_uvc/idf_component.yml

A build is only exposed when the version is below 2.4.0 and descriptor printing is enabled; check the second condition with:

grep 'CONFIG_USB_HOST_UVC_PRINT_DESC' sdkconfig

Verify Fix Applied:

Confirm the version printed above is 2.4.0 or higher. Compare field by field (2.10.0 is newer than 2.4.0, so a plain string comparison gives the wrong answer), then rebuild and flash so the updated component is actually in the image on the device.
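The two checks above combined into one script, as an added example that is not code from Espressif or the esp-usb project: it reads the component version from an idf_component.yml, compares it numerically against 2.4.0, and only reports a build as vulnerable when CONFIG_USB_HOST_UVC_PRINT_DESC (the symbol named on this page) is also set. The sample files it writes are constructed for the demonstration; on a real project, pass the vendored or managed_components copy of idf_component.yml and the project's sdkconfig.

```shell
#!/bin/sh
# Added example, not code from Espressif or the esp-usb project: exposure
# check for CVE-2025-68622 combining the two conditions this page names
# (usb_host_uvc component version < 2.4.0 AND descriptor printing enabled).
# Assumption: the Kconfig symbol is CONFIG_USB_HOST_UVC_PRINT_DESC as given
# on this page. The sample files written by write_sample are constructed.

# Print the "version:" value from an idf_component.yml, quotes stripped.
component_version() {
    sed -n "s/^version:[[:space:]]*[\"']\{0,1\}\([0-9][0-9.]*\).*/\1/p" "$1" | head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing the first
# three fields numerically (so 2.10.0 > 2.4.0, unlike a string compare).
# Each version is padded with ".0.0" so cut always sees a delimiter.
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s.0.0\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s.0.0\n' "$2" | cut -d. -f"$i")
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Succeed when the given sdkconfig enables UVC descriptor printing.
print_desc_enabled() {
    grep -q '^CONFIG_USB_HOST_UVC_PRINT_DESC=y' "$1"
}

# assess IDF_COMPONENT_YML SDKCONFIG: print exactly one verdict word.
#   patched      component is 2.4.0 or newer
#   vulnerable   older component and descriptor printing enabled
#   not-exposed  older component but descriptor printing disabled
#   unknown      no version line found in the yml
assess() {
    ver=$(component_version "$1")
    if [ -z "$ver" ]; then
        echo unknown
    elif version_ge "$ver" 2.4.0; then
        echo patched
    elif print_desc_enabled "$2"; then
        echo vulnerable
    else
        echo not-exposed
    fi
}

# write_sample DIR VERSION y|n: constructed idf_component.yml and sdkconfig.
write_sample() {
    mkdir -p "$1"
    printf 'version: "%s"\ndescription: "USB Host UVC driver (constructed sample)"\n' "$2" > "$1/idf_component.yml"
    if [ "$3" = y ]; then
        printf 'CONFIG_USB_HOST_UVC_PRINT_DESC=y\n' > "$1/sdkconfig"
    else
        printf '# CONFIG_USB_HOST_UVC_PRINT_DESC is not set\n' > "$1/sdkconfig"
    fi
}

# Demo on three constructed trees; real use passes the project's own files.
demo=$(mktemp -d)
write_sample "$demo/old-on"  2.3.1  y
write_sample "$demo/old-off" 2.3.1  n
write_sample "$demo/new-on"  2.10.0 y
for t in old-on old-off new-on; do
    printf '%-8s -> %s\n' "$t" "$(assess "$demo/$t/idf_component.yml" "$demo/$t/sdkconfig")"
done
rm -rf "$demo"
```

Run it from the project root after substituting the real paths into assess; a verdict of not-exposed still means an unpatched component is in the tree, so the workaround only holds until someone re-enables the option.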

📡 Detection & Monitoring

Log Indicators:

  • USB device connection errors
  • UVC descriptor parsing failures
  • System crashes after USB device insertion

Network Indicators:

  • None - local USB attack vector

SIEM Query:

source="esp32_logs" AND ("USB" AND ("crash" OR "overflow" OR "UVC"))

🔗 References

  • Vendor advisory (GitHub, espressif/esp-usb): https://github.com/espressif/esp-usb/security/advisories/GHSA-g65h-9ggq-9827
