CVE-2025-57808 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server auth…
High CVSS: 8.1

CVE-2025-57808

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.
Vendor
Esphome
Product
Esphome Firmware
CWE
CWE-303
Yayın Tarihi
2025-09-02 01:15:29
Güncelleme
2025-09-10 19:03:00
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-303 Esphome Firmware HIGH Esphome 2025

Referanslar

https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5 https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635 https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635