{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93072?format=json","vulnerability_id":"VCID-5crh-5ryn-3kay","summary":"Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, calls to hid_host_device_close() can free the same usb_transfer_t twice. The USB event callback and user code share the hid_iface_t state without locking, so both can tear down a READY interface simultaneously, corrupting heap metadata inside the ESP USB host stack. This vulnerability is fixed in 1.1.0.","aliases":[{"alias":"CVE-2025-68657"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68657","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02468","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0246","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0247","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68657"},{"reference_url":"https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b","reference_id":"cd28106e9f72ac2719682c06f94601f9f034390b","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T18:40:17Z/"}],"url":"https://github.com/espressif/esp-usb/commit/cd28106e9f72ac2719682c06f94601f9f034390b"},{"reference_url":"https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog","reference_id":"changelog","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T18:40:17Z/"}],"url":"https://components.espressif.com/components/espressif/usb_host_hid/versions/1.1.0/changelog"},{"reference_url":"https://github.com/espressif/esp-usb/security/advisories/GHSA-gp8r-qjfr-gqfv","reference_id":"GHSA-gp8r-qjfr-gqfv","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T18:40:17Z/"}],"url":"https://github.com/espressif/esp-usb/security/advisories/GHSA-gp8r-qjfr-gqfv"}],"weaknesses":[{"cwe_id":415,"name":"Double Free","description":"The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations."},{"cwe_id":667,"name":"Improper Locking","description":"The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors."}],"exploits":[],"severity_range_score":"6.4 - 6.4","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5crh-5ryn-3kay"}