CVE-2025-68474 | Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1 avrc_vendor_msg out-of-bounds write (GHSA-43gh-7r4f-qp57)
A vulnerability categorized as critical has been discovered in Espressif ESP-IDF up to 5.1.6/5.2.6/5.3.4/5.4.3/5.5.1. The affected function is avrc_vendor_msg, where manipulation leads to an out-of-bounds write.
This vulnerability is documented as CVE-2025-68474. The attacker must be on the local network. No exploit is available.
It is advisable to upgrade the affected component.