Merge branch 'bugfix/add_the_cve_2025_52471_to_list_v5.4' into 'release/v5.4'

fix(wifi): Added CVE-2025-52471 to vulnerabilities list (v5.4) See merge request espressif/esp-idf!40206
2025-08-03 20:54:32 +02:00 · 2025-07-11 13:41:10 +08:00
parent cc6b993b60 cf21272c94
commit 309c95216a
1 changed files with 27 additions and 0 deletions
--- a/docs/en/security/vulnerabilities.rst
+++ b/docs/en/security/vulnerabilities.rst
@@ -7,9 +7,34 @@ This page briefly lists all of the vulnerabilities that are discovered and fixed
 .. note::
   Please refer to ``latest`` version of this documentation guide for up-to-date information.

+CVE-2025
+--------
+
+CVE-2025-52471
+~~~~~~~~~~~~~~
+
+ESP-NOW Integer Underflow Vulnerability Advisory
+
+* Espressif Advisory: NA (Published on GitHub)
+* Impact: Applicable for ESP-IDF
+* Resolution: Please see advisory for details
+* Advisory pointer: `GHSA-hqhh-cp47-fv5g`_
+
+
 CVE-2024
 --------

+CVE-2024-53845
+~~~~~~~~~~~~~~
+
+AES/CBC Constant IV Vulnerability in ESPTouch v2
+
+* Espressif Advisory: NA (Published on GitHub)
+* Impact: Applicable for ESP-IDF
+* Resolution: Please see advisory for details
+* Advisory pointer: `GHSA-wm57-466g-mhrr`_
+
+
 CVE-2024-30949
 ~~~~~~~~~~~~~~

@@ -183,3 +208,5 @@ Security Advisory Concerning Wi-Fi Authentication Bypass
 .. _`AR2024-003`: https://www.espressif.com/sites/default/files/advisory_downloads/AR2024-003%20Security%20Advisory%20for%20PEAP%20Phase-2%20authentication%20EN.pdf
 .. _`GHSA-22x6-3756-pfp8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8
 .. _`GHSA-7f7f-jj2q-28wm` : https://github.com/espressif/esp-idf/security/advisories/GHSA-7f7f-jj2q-28wm
+.. _`GHSA-wm57-466g-mhrr` : https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr
+.. _`GHSA-hqhh-cp47-fv5g` : https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g