CVE-2025-68473 — Out-of-Bounds Write in ESP-IDF Bluetooth SDP Handling
Disclosure timeline:
- Publicly disclosed around Dec. 26–27, 2025.
Affected software:
- Espressif Internet of Things Development Framework (ESP-IDF) — the official development framework for ESP32/ESP-series SoCs
- Specifically affects versions ≤ 5.5.1, ≤ 5.4.3, ≤ 5.3.4, ≤ 5.2.6, and ≤ 5.1.6 of ESP-IDF.
Description:
The vulnerability exists in the Bluetooth host stack (BlueDroid), in the function bta_dm_sdp_result(). This function uses a fixed-size array (uuid_list[32][MAX_UUID_SIZE]) to store the service UUIDs discovered during Service Discovery Protocol (SDP) processing. When a remote device reports more services than this buffer holds, the stack keeps writing UUIDs past the end of the array, corrupting adjacent memory.
- Classified under CWE-787: Out-of-Bounds Write — a memory corruption issue.
- Public records currently show no official NVD CVSS score assigned; some trackers list it as informational/medium severity.
- The GitHub advisory lists the weakness and associated commits addressing it: GHSA-hmjj-rjvv-w8pq
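The following C sketch is an added illustration of the defect class described above; it is not the ESP-IDF code, and the real bta_dm_sdp_result(), its types and the fix commits are not reproduced here. The record struct, the function names, the 32-row capacity constant and the sample UUIDs are all constructed for this example. It places an unchecked fill of a fixed uuid_list array next to a bounds-checked version that also validates each UUID length, and shows that a response carrying more than 32 services is truncated and reported rather than written past the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constants for illustration only. MAX_UUID_SIZE matches the
 * 16-byte length of a 128-bit Bluetooth UUID; the capacity mirrors the
 * 32-row array named in the advisory. */
#define UUID_LIST_CAPACITY 32
#define MAX_UUID_SIZE      16

/* One decoded SDP UUID record (constructed type, not the stack's own). */
typedef struct {
    uint8_t len;                    /* 2, 4 or 16 bytes */
    uint8_t bytes[MAX_UUID_SIZE];
} sdp_uuid_t;

/* Discovery result with the fixed-size UUID list (constructed type). */
typedef struct {
    uint8_t uuid_list[UUID_LIST_CAPACITY][MAX_UUID_SIZE];
    size_t  num_uuids;
} sdp_result_t;

/* Vulnerable pattern: the row index grows with whatever the remote side
 * sent and is never compared against UUID_LIST_CAPACITY, so the 33rd
 * record is written past the end of uuid_list (CWE-787). Kept here for
 * contrast only; nothing below calls it. */
void collect_uuids_unchecked(sdp_result_t *out, const sdp_uuid_t *in, size_t n)
{
    out->num_uuids = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(out->uuid_list[out->num_uuids], in[i].bytes, in[i].len);
        out->num_uuids++;
    }
}

/* Hardened form: every write is guarded by the capacity check, a malformed
 * UUID length can never overrun a row, and the caller is told how many
 * records were dropped so it can log the truncated discovery. Returns
 * true only if every record fit. */
bool collect_uuids_checked(sdp_result_t *out, const sdp_uuid_t *in, size_t n,
                           size_t *dropped)
{
    out->num_uuids = 0;
    *dropped = 0;
    memset(out->uuid_list, 0, sizeof out->uuid_list);
    for (size_t i = 0; i < n; i++) {
        if (in[i].len != 2 && in[i].len != 4 && in[i].len != 16) {
            (*dropped)++;            /* malformed record: skip it */
            continue;
        }
        if (out->num_uuids >= UUID_LIST_CAPACITY) {
            *dropped += n - i;       /* this and all remaining records do not fit */
            return false;
        }
        memcpy(out->uuid_list[out->num_uuids], in[i].bytes, in[i].len);
        out->num_uuids++;
    }
    return true;
}

/* Build n constructed 16-bit UUID records (0x1100 + i); sample input, not
 * real SDP data. The caller's buffer must hold at least n records. */
static void make_sample_uuids(sdp_uuid_t *buf, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        memset(&buf[i], 0, sizeof buf[i]);
        buf[i].len = 2;
        buf[i].bytes[0] = 0x11;
        buf[i].bytes[1] = (uint8_t)i;
    }
}

/* Simulate a response advertising n services (capped at 64 for the sample
 * buffer) through the hardened collector. */
static void run_checked(size_t n, sdp_result_t *res, size_t *dropped, bool *fit)
{
    sdp_uuid_t records[64];
    if (n > 64) n = 64;
    make_sample_uuids(records, n);
    *fit = collect_uuids_checked(res, records, n, dropped);
}

/* Number of UUIDs actually stored for a response with n services. */
size_t stored_count(size_t n)
{
    sdp_result_t res; size_t dropped; bool fit;
    run_checked(n, &res, &dropped, &fit);
    return res.num_uuids;
}

/* Number of UUIDs the hardened collector refused to store. */
size_t dropped_count(size_t n)
{
    sdp_result_t res; size_t dropped; bool fit;
    run_checked(n, &res, &dropped, &fit);
    return dropped;
}

/* Whether the whole response fit in the fixed-size list. */
bool response_fits(size_t n)
{
    sdp_result_t res; size_t dropped; bool fit;
    run_checked(n, &res, &dropped, &fit);
    return fit;
}

int main(void)
{
    printf("10 services: stored=%zu dropped=%zu fits=%d\n",
           stored_count(10), dropped_count(10), response_fits(10));
    printf("40 services: stored=%zu dropped=%zu fits=%d\n",
           stored_count(40), dropped_count(40), response_fits(40));
    return 0;
}
```

The detection signal a defender cares about is the return value: a discovery that comes back with fit == false and a non-zero dropped count means a peer advertised more services than the host stack can hold, which is exactly the input that drives the unchecked variant past the array. On a fixed build that condition is benign and worth logging; on an unpatched build it is the memory-corruption trigger the advisory describes.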
Impact:
- If triggered, this bug could lead to memory corruption, which in turn can cause application crashes, undefined behavior, and potentially create opportunities for exploitation (depending on context and calling code).
- There are no widely published exploits as of now, and it appears to be a buffer-handling issue rather than an immediately exploitable remote code execution bug.
Mitigation / Remediation:
- Upgrade ESP-IDF to a release newer than the affected versions listed above, in which the buffer handling has been fixed.
- Monitor the official Espressif GitHub for security patches and commit history related to this CVE.
Mitigation Details:
https://github.com/espressif/esp-idf/commit/3286e45349b0b5c2b1422ef7e8d088b95eef895d
https://github.com/espressif/esp-idf/commit/4d928f2265c394d2abc85024228e920a5b26bcab
https://github.com/espressif/esp-idf/commit/5b3185168dae83d42aa0852689422fffd931f16c
https://github.com/espressif/esp-idf/commit/6453f57a954458ad8ffd6e4bf2d9e76b73fac0f1
https://github.com/espressif/esp-idf/commit/6ca6f422dafaffcb88fa56cc458ce92d96be3b2e
https://github.com/espressif/esp-idf/commit/9889edd799cf369e082df9d01adba961d64693ed
https://github.com/espressif/esp-idf/commit/ecb86d353640cf1375bf97db32e702ba59c551b6
https://github.com/espressif/esp-idf/security/advisories/GHSA-hmjj-rjvv-w8pq
