CVE-2025-68656 | Espressif esp-usb up to 1.0.x usb_class_request_get_descriptor use after free

A vulnerability marked as critical has been reported in Espressif esp-usb up to 1.0.x. This affects the function usb_class_request_get_descriptor. Performing a manipulation results in use after free.

This vulnerability is identified as CVE-2025-68656. The attack may be carried out on the physical device. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More