Summary: Spanish researchers have discovered undocumented commands in the widely-used ESP32 microchip, which could facilitate serious security risks such as device impersonation and unauthorized data access. The findings present significant implications for various IoT devices, as Espressifβs microchip is widely integrated into approximately one billion units. The issue has been cataloged under CVE-2025-27840 following concerns raised about the terminology used to describe the vulnerabilities.
Affected: Espressif ESP32 microchip
Keypoints :
- Discovery of 29 undocumented Bluetooth commands that allow low-level control and could be exploited for attacks.
- Commands enable risks such as memory manipulation, MAC address spoofing, and potential for persistence of malicious activity.
- Issues are particularly critical due to ESP32βs extensive use in IoT devices, raising concerns over device security and supply chain vulnerabilities.