CNNVD-202507-780 Information

CNNVD ID

CNNVD-202507-780

CVE-2025-53540

  • CNNVD Published: 2025-07-07

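Description (translated from Chinese)

arduino-esp32 is an open-source Arduino core from Espressif for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. Versions of arduino-esp32 before 3.2.1 contain a cross-site request forgery vulnerability, which stems from the update endpoint accepting POST requests without CSRF protection and may lead to remote code execution.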

Description (English)

arduino-esp32 is an Arduino core for ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. Versions of arduino-esp32 before 3.2.1 had a cross-site request forgery vulnerability, which stemmed from the lack of CSRF protection when the update endpoint accepted POST requests, and which could lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

Cross-site request forgery

Affected Vendor

Espressif

Published

2025-07-07

Last Modified

2026-02-24

References

  • https://github.com/espressif/arduino-esp32/security/advisories/GHSA-9vfw-wx65-c872
  • https://github.com/espressif/arduino-esp32/commit/f4fdecc60c465384e465a4b1d2bd1eac8f67912e
  • https://access.redhat.com/security/cve/cve-2025-53540

Patch

https://github.com/espressif/arduino-esp32/releases
