Description

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the client-supplied base64-encoded Authorization value is empty or is a substring of the correct value. This allows access to web_server functionality (including OTA, if enabled) without knowing any information about the correct username or password. This issue has been patched in version 2025.8.1.

INFO

Published Date :

2025-09-02T00:26:09.017Z

Last Modified :

2025-09-02T14:03:58.777Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57808 vulnerability.

Vendors Products
Esphome
  • Esphome
  • Esphome Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57808.

URL Resource
https://github.com/esphome/esphome/commit/2aceb56606ec8afec5f49c92e140c8050a6ccbe5 cve-icon cve-icon
https://github.com/esphome/esphome/security/advisories/GHSA-mxh2-ccgj-8635 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact