Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2025-57808NVD

Description

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.

Severity Level

HIGH (8.1)

Published Date

02/09/2025

Last Modified

10/09/2025

Exploitation Status

UNKNOWN

References

https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5
https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635
https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

Advanced Threat Data Export

CVE-2025-57808NVD

Description

References