wolfSSL X25519 Timing Side Channel Vulnerability on Xtensa-based ESP32 Chips

Vulnerability

The X25519 implementations in wolfSSL that are intended to be constant-time are affected by a vulnerability, specifically on Xtensa-based ESP32 chips. Compiler optimizations and limitations of the CPU architecture introduce timing side channels, which can potentially be exploited. The recommended mitigation is to use the low memory implementations of X25519, which are now the default for Xtensa.
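The page does not show the affected code. As an added illustration of the class of problem (not wolfSSL's code), the block below contrasts a secret-dependent branch with a mask-based conditional swap of the kind an X25519 ladder relies on, using a volatile barrier so the optimizer cannot easily turn the mask back into a branch. The names `branchy_cswap`, `ct_mask`, `ct_cswap` and `ct_cswap_selftest` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative leaky shape: work is done only when the secret bit is 1,
 * so run time depends on the bit. Used here only as a reference result. */
static void branchy_cswap(uint32_t *a, uint32_t *b, size_t n, uint32_t bit)
{
    if (bit & 1u) {
        for (size_t i = 0; i < n; i++) { uint32_t t = a[i]; a[i] = b[i]; b[i] = t; }
    }
}

/* Expand a secret bit into 0x00000000 or 0xFFFFFFFF. The volatile read
 * hides the value from the optimizer, a common mitigation (not a guarantee)
 * against the mask being rewritten as a conditional jump. */
static uint32_t ct_mask(uint32_t bit)
{
    volatile uint32_t barrier = bit & 1u;
    return (uint32_t)0 - barrier;
}

/* Swap a and b when bit == 1, leave them when bit == 0. Every limb is
 * read, XORed and written in both cases. */
static void ct_cswap(uint32_t *a, uint32_t *b, size_t n, uint32_t bit)
{
    uint32_t mask = ct_mask(bit);
    for (size_t i = 0; i < n; i++) {
        uint32_t t = mask & (a[i] ^ b[i]);
        a[i] ^= t;
        b[i] ^= t;
    }
}

/* Constructed self-check: both variants must agree for bit = 0 and bit = 1. */
static int ct_cswap_selftest(void)
{
    uint32_t a[8], b[8], c[8], d[8];
    for (uint32_t bit = 0; bit <= 1; bit++) {
        for (size_t i = 0; i < 8; i++) {
            a[i] = c[i] = 0x11111111u * (uint32_t)(i + 1);
            b[i] = d[i] = ~a[i];
        }
        ct_cswap(a, b, 8, bit);
        branchy_cswap(c, d, 8, bit);
        for (size_t i = 0; i < 8; i++)
            if (a[i] != c[i] || b[i] != d[i]) return 0;
    }
    return 1;
}

int main(void) { return ct_cswap_selftest() ? 0 : 1; }
```

Functional equivalence says nothing about timing: whether the masked version stays branch-free has to be confirmed in the disassembly produced for the actual target and compiler settings.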

Impact

The timing side channels can potentially be exploited for cryptographic key recovery or other leakage of sensitive information.

Remediation

Users can switch to the low memory implementations of X25519, which are now the default for Xtensa-based ESP32 chips.

Added: Nov 21, 2025, 11:19 PM
Updated: Nov 21, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 8.3
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.