CVE-2025-65821

CVSS 7.5 HIGH · EPSS 0.3% · CWE-1191
In short

The ESP32 chip has UART download mode enabled, which lets attackers extract sensitive data such as Wi-Fi credentials from the device's flash memory and replace the firmware with malicious code.

Technical detail

UART download mode is accessible on the ESP32 without authentication, allowing an attacker with physical access to dump the flash memory contents (including the NVS partition with stored credentials) and reflash arbitrary firmware. This results in complete device compromise, with no mitigations in place.

Summary generated and translated by AI from the official description.
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to reflash the device with their own firmware which may contain malicious modifications.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
