CVE-2025-27840

Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory).

Weakness

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product’s users or administrators.

Affected Software

Name	Vendor	Start Version	End Version
Esp32_firmware	Espressif	- (including)	- (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/133.html
https://cwe.mitre.org/data/definitions/190.html

References

https://cheriot.org/auditing/backdoor/2025/03/09/no-esp32-style-backdoor.html
https://darkmentor.com/blog/esp32_non-backdoor/
https://flyingpenguin.com/?p=67838
https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf
https://github.com/em0gi/CVE-2025-27840
https://github.com/esphome/esphome/discussions/8382
https://github.com/orgs/espruino/discussions/7699
https://news.ycombinator.com/item?id=43301369
https://news.ycombinator.com/item?id=43308740
https://reg.rootedcon.com/cfp/schedule/talk/5
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
https://www.bleepingcomputer.com/news/security/undocumented-commands-found-in-bluetooth-chip-used-by-a-billion-devices/
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
https://x.com/pascal_gujer/status/1898442439704158276

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-27840
CWE	https://cwe.mitre.org/data/definitions/912.html

Hidden Functionality

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References