Hi all,
I would like to know the Nuki position about ESP32 CVE-2025-27840.
Which Nuki products use this chipset?
ONLY in case some Nuki Smart Locks use this chipset, I have a few questions:
From what I understand, the only possible mitigation action consists in deactivating Bluetooth.
I have a Nuki Lock Pro connected via Wi-Fi.
In my opinion, with the exception of the first configuration / a possible future reset, the Bluetooth of the device could remain permanently deactivated, and you could make it reactivable again following a manual procedure through a specific sequence of pressing the front button.
Despite this, I see that Bluetooth is always active, even if you disable the only Bluetooth option available in the app, related to the Bluetooth pairing of a new device.
Why do we need Bluetooth on? If it is needed only for specific optional features, why don't you allow the user to disable it by temporarily giving up these features?
Following the exploit indicated in the subject, are you thinking of reviewing this behavior and making Bluetooth completely deactivable through the app?
Thank you in advance
Best Regards
Roberto