CNNVD-202509-225 Information
CNNVD ID
CNNVD-202509-225
Related CVE
- CNNVD Published: 2025-09-02
Description (Chinese)
ESPHome是ESPHome开源的一个配置、管理智能硬件的系统。用于控制Esp8266/Esp32硬件,实现家庭自动化控制。 ESPHome 2025.8.0版本存在安全漏洞,该漏洞源于web_server身份验证检查不当,可能导致未经授权访问。
Description (English)
ESPHome is an ESPHome open source system for configuration and management of smart hardware. For control of Esp8266/Esp32 hardware to automate family control. Version 2025.8.0 of ESPCHome contains a security loophole, which stems from inappropriate web server identification checks, which may lead to unauthorized access.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
环境系统研究所
Published
2025-09-02
Last Modified
2026-02-24
References
https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635 https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5 https://access.redhat.com/security/cve/cve-2025-57808 https://nvd.nist.gov/vuln/detail/CVE-2025-57808