CVE-2025-21608

Medium CVSS: 5.3

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor

Meshtastic

Product

Meshtastic Firmware

CWE

CWE-668

Yayın Tarihi

2025-02-18 19:15:25

Güncelleme

2025-09-23 19:20:35

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-668 Meshtastic Firmware MEDIUM Meshtastic 2025

Referanslar

https://github.com/meshtastic/firmware/security/advisories/GHSA-c967-qc39-3hf5

Benzer Kayıtlar

High

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by t…

Medium

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces as…

Critical

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publi…

Low

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not…

Medium

CVE-2025-24798

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that…

Medium

CVE-2025-53637

Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_reques…