A critical authentication bypass flaw in ESPHome’s ESP-IDF web server component allows unauthorized users on the same local network to access and control smart devices without any valid credentials. Discovered and reported by security researcher jesserockz, the vulnerability (CVE-2025-57808) undermines Basic Authentication by accepting empty or partially correct Authorization headers. Users of ESPHome version 2025.8.0 […] The post ESPHome Vulnerability Allows Unauthorized Access to Smart Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/esphome-vulnerability/
