From 542d013783d77957ae4a5622a97b53d7fa5c96b4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 8 Mar 2025 21:03:48 +0000
Subject: [PATCH] Auto-Update: 2025-03-08T21:00:19.630985+00:00
---
 CVE-2025/CVE-2025-278xx/CVE-2025-27840.json | 72 +++++++++++++++++++++
 README.md | 12 ++--
 _state.csv | 3 +-
 3 files changed, 80 insertions(+), 7 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-278xx/CVE-2025-27840.json
diff --git a/CVE-2025/CVE-2025-278xx/CVE-2025-27840.json b/CVE-2025/CVE-2025-278xx/CVE-2025-27840.json
new file mode 100644
index 00000000000..f672e688e2b
--- /dev/null
+++ b/CVE-2025/CVE-2025-278xx/CVE-2025-27840.json
@@ -0,0 +1,72 @@
+{
+ "id": "CVE-2025-27840",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2025-03-08T20:15:36.027",
+ "lastModified": "2025-03-08T20:15:36.027",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-912"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/TarlogicSecurity/Talks/blob/main/2025_RootedCon_BluetoothTools.pdf",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://reg.rootedcon.com/cfp/schedule/talk/5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://x.com/pascal_gujer/status/1898442439704158276",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b0588177534..acc748799a9 100644
--- a/README.md
+++ b/README.md
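Review bot: The `published` and `lastModified` values in the new CVE-2025-27840 record (`2025-03-08T20:15:36.027`) carry no UTC offset, although the README hunk of this same commit prints the same instant as `2025-03-08T20:15:36.027000+00:00`. If the file is meant to mirror the upstream feed byte-for-byte this presumably cannot change here, but consumers should parse both fields as UTC explicitly rather than as local time. The record is also `"vulnStatus": "Received"` and carries only a CNA-supplied `"type": "Secondary"` vector (`AV:P/AC:H`) with no `configurations` block, so CPE-based matching will not surface affected ESP32 products yet and the 7.1 score is not an NVD analysis result. The file ends without a trailing newline (`\ No newline at end of file`).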
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-03-08T17:00:20.254595+00:00 +2025-03-08T21:00:19.630985+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-03-08T16:15:34.550000+00:00 +2025-03-08T20:15:36.027000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -284552 +284553 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +- [CVE-2025-27840](CVE-2025/CVE-2025-278xx/CVE-2025-27840.json) (`2025-03-08T20:15:36.027`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2023-33289](CVE-2023/CVE-2023-332xx/CVE-2023-33289.json) (`2025-03-08T16:15:34.550`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 59ed6187558..f02eab91616 100644 --- a/_state.csv +++ b/_state.csv 
@@ -226789,7 +226789,7 @@ CVE-2023-33284,0,0,d0da5008a48df8a13ca95a55afa039e69b1f0015e97eafe62f93398991b7e
 CVE-2023-33285,0,0,30741f1677c923d9321a174f24cbcfbb45d70b7fa16adbecc164042f72c69993,2024-11-21T08:05:20.157000
 CVE-2023-33287,0,0,4589690dfbbc05dbf65975779ea5f06e069047b263db7ad14eeef921b27b9778,2025-01-10T16:15:26.393000
 CVE-2023-33288,0,0,26838f7327104c1b47d024f5db0a9eb1c2668da883675bbf3c61e6d3c54ee2da,2024-11-21T08:05:20.497000
-CVE-2023-33289,0,1,f7fa52dcf4815a7bc1f7607ba8a52d04f13067851cb6faf3eeaff67eb8b78efb,2025-03-08T16:15:34.550000
+CVE-2023-33289,0,0,f7fa52dcf4815a7bc1f7607ba8a52d04f13067851cb6faf3eeaff67eb8b78efb,2025-03-08T16:15:34.550000
 CVE-2023-3329,0,0,3e639db55d9b83618de638ac73b22a875829db310a8f87faef030071a6e573a8,2024-11-21T08:17:01.620000
 CVE-2023-33290,0,0,bc6a69010fb5c4656505a017a49e45680fe2923b4184f220645c15aeaaf633ad,2024-11-21T08:05:20.870000
 CVE-2023-33291,0,0,98a73c5a299c04428af908a2bd26a9c74200b238c366aa50af50fa19f5b47038,2025-01-14T19:15:30.877000
@@ -284551,3 +284551,4 @@ CVE-2025-27824,0,0,bbbadd94bca912d17091ba5687790372eed06151266f5eb5403da18d55309
 CVE-2025-27825,0,0,99e9b9d3befd54cbb55880416607fbc7e5d90c9fee9cdc2881cb2480979fee41,2025-03-07T22:15:38.380000
 CVE-2025-27826,0,0,83fe28f5c1c38336a328c924367a016f575cf3bedee9c6070949943b515ded3d,2025-03-07T22:15:38.527000
 CVE-2025-27839,0,0,212b3d30d2c1f53f372c7e143c6e03922deeb9da14f018db14d5749815db8000,2025-03-08T00:15:38.340000
+CVE-2025-27840,1,1,7d2524c6b84334effec85ee9043fdbd794fc7f9dac3f9570023d7c013da942a9,2025-03-08T20:15:36.027000