<ul><li>An authorization bypass vulnerability in the Espressif ESP32 Bluetooth chips, tracked as CVE-2025-27840, has been discovered.</li><li>This vulnerability affects over 1 billion devices and can lead to unauthorized access to devices and potential control over critical systems.</li><li>The uncovered vulnerability includes 29 undocumented HCI commands that pose security risks.</li><li>Espressif plans to release a software fix to remove the undocumented commands and mitigate the vulnerability.</li></ul>

CVE-2025-27840: Vulnerability Exploitation in Espressif ESP32 Bluetooth Chips Can Lead to Unauthorized Access to Devices

Discover more