Using Bluetooth on a desktop computer is now such a seamless process; it’s something built-in and just works. Behind that ubiquity is a protocol layer called HCI, or Host Controller Interface… ...

The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could be leveraged for attacks.

The vulnerability description is as follows: Espressif ESP32 ICs contain 29 hidden Bluetooth HCl commands, such as "0xFC02" – "Write memory" (CVE-2025-27840, CVSS 6.8, risk "medium ").

The PCB holds an ESP32-PICO-D4 which is operating as a standard Bluetooth HID controller for maximum compatibility with modern systems.