K. Reid Wightman on Nostr:
That ESP32 thing has a CVE: CVE-2025-27840: https://nvd.nist.gov/vuln/detail/CVE-2025-27840 .
And, pretty much everything all of the well-known infosec people have been saying is correct: physical access required (or, high privileges and high attack complexity; the score is kinda 'wrong' in some sense because it is combining two exploitation vectors, but I think it gets across the point: this is not wormable and is not exploitable via wireless, at least not on its own. And if your threat model allows for physical access but still treats this as a big deal somehow, go home, your threat model is drunk).
Published at 2025-03-09 04:03:24 UTC

Event JSON
{
  "id": "fe00bda30d281b2414cf17bd8440d5e6f71836e119851fa7451b3b51a74ee07f",
  "pubkey": "925bf02d5e02f91b698b83ce48c263bbff783a3a844c983ae2b8ce8beb2a9609",
  "created_at": 1741493004,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://infosec.exchange/@reverseics/114130485558192909",
      "web"
    ],
    [
      "proxy",
      "https://infosec.exchange/users/reverseics/statuses/114130485558192909",
      "activitypub"
    ],
    [
      "L",
      "pink.momostr"
    ],
    [
      "l",
      "pink.momostr.activitypub:https://infosec.exchange/users/reverseics/statuses/114130485558192909",
      "pink.momostr"
    ],
    [
      "-"
    ]
  ],
  "content": "That ESP32 thing has a CVE: CVE-2025-27840: https://nvd.nist.gov/vuln/detail/CVE-2025-27840 . \n\nAnd, pretty much everything all of the well-known infosec people have been saying is correct: physical access required (or, high privileges and high attack complexity; the score is kinda 'wrong' in some sense because it is combining two exploitation vectors but I think it gets across the point: this is not wormable and is not exploitable via wireless, at least not on its own. and if your threat model allows for physical access but still treats this as a big deal somehow, go home, your threat model is drunk).",
  "sig": "c6a522ed4db8a730f506d6d9aaa257563ca04f00bb48648e4cf209096cbfb1fb8d13ff03d47dcd2cb2343855f227903916ee74ef02e09d5ab441d5d5c29ba248"
}