Espressif's ESP32 Bluetooth chip, used in over 1 billion devices, has undocumented commands that could enable attacks such as device impersonation and unauthorized data access. Discovered by Spanish researchers, these commands may allow malicious actors to manipulate memory and bypass security controls, posing significant risks, especially in IoT devices. Concerns about potential exploitation are ongoing, and a specific vulnerability is tracked as CVE-2025-27840.
Undocumented Commands Found in Bluetooth Chip Used by a Billion Devices
