VYPR
Medium severityOSV Advisory· Published Nov 21, 2025· Updated Apr 15, 2026

CVE-2025-65092

CVE-2025-65092

Description

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Espressif/Esp IdfOSV2 versions
    v0.9, v1.0, v2.0-rc1, …+ 1 more
    • (no CPE)range: v0.9, v1.0, v2.0-rc1, …
    • (no CPE)range: 5.3.4, 5.4.3, 5.5.1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.