CVE-2025-12888 – Constant Time Issue with Xtensa-based ESP32 and X22519

CVE ID : CVE-2025-12888

Published : Nov. 21, 2025, 11:15 p.m. | 2 hours, 1 minute ago

Description : Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa.

Severity: 1.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…