From 20b1b14c5d9d8d1af9b0b4e83b65e8b85af5c476 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Wed, 26 Nov 2025 10:06:26 +0530 Subject: [PATCH] docs: update vulnerabilities guide to mention new CVEs --- docs/en/security/vulnerabilities.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/docs/en/security/vulnerabilities.rst b/docs/en/security/vulnerabilities.rst index 77dbb0bab0..2935eff91c 100644 --- a/docs/en/security/vulnerabilities.rst +++ b/docs/en/security/vulnerabilities.rst @@ -10,6 +10,28 @@ This page briefly lists all of the vulnerabilities that are discovered and fixed CVE-2025 -------- +CVE-2025-65092 +~~~~~~~~~~~~~~ + +ESP32-P4 JPEG Decoder Header Parsing Vulnerability + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF (ESP32-P4 SoC only) +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-vcw6-jc3p-4gj8`_ + + +CVE-2025-64342 +~~~~~~~~~~~~~~ + +ESP32 Bluetooth Controller Invalid Access Address Vulnerability + +* Espressif Advisory: NA (Published on GitHub) +* Impact: Applicable for ESP-IDF (ESP32 SoC only) +* Resolution: Please see advisory for details +* Advisory pointer: `GHSA-8mg7-9qpg-p92v`_ + + CVE-2025-55297 ~~~~~~~~~~~~~~ @@ -221,3 +243,5 @@ Security Advisory Concerning Wi-Fi Authentication Bypass .. _`GHSA-wm57-466g-mhrr` : https://github.com/espressif/esp-idf/security/advisories/GHSA-wm57-466g-mhrr .. _`GHSA-hqhh-cp47-fv5g` : https://github.com/espressif/esp-idf/security/advisories/GHSA-hqhh-cp47-fv5g .. _`GHSA-9w88-r2vm-qfc4` : https://github.com/espressif/esp-idf/security/advisories/GHSA-9w88-r2vm-qfc4 +.. _`GHSA-8mg7-9qpg-p92v` : https://github.com/espressif/esp-idf/security/advisories/GHSA-8mg7-9qpg-p92v +.. _`GHSA-vcw6-jc3p-4gj8` : https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8
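Review bot: in the first hunk, both new entries leave the information needed for triage off the page. The Impact bullets ("Applicable for ESP-IDF (ESP32-P4 SoC only)" and "Applicable for ESP-IDF (ESP32 SoC only)") name the affected SoC but not the affected ESP-IDF releases, and both Resolution bullets say only "Please see advisory for details". If the fixed release versions are known, consider stating them in the Resolution bullet so a reader can tell from this page whether their ESP-IDF version needs an update, keeping the advisory link as the reference for details. The two references used here, `GHSA-vcw6-jc3p-4gj8`_ and `GHSA-8mg7-9qpg-p92v`_, both have matching link targets added in the second hunk, so they should resolve in the docs build.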