CVE-2025-27840 Information

Description

Espressif ESP32 chips allow 29 hidden HCI commands such as 0xFC02 (Write memory).

Reference

https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf https://reg.rootedcon.com/cfp/schedule/talk/5 https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/ https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/ https://x.com/pascal_gujer/status/1898442439704158276