CVE-2025-24797

Critical CVSS: 9.4

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability fixed in 2.6.2.

Vendor

Meshtastic

Product

Meshtastic Firmware

CWE

CWE-119

Yayın Tarihi

2025-04-15 00:15:14

Güncelleme

2025-10-03 15:31:58

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-119 Meshtastic Firmware CRITICAL Meshtastic 2025

Referanslar

https://github.com/meshtastic/firmware/security/advisories/GHSA-33hw-xhfh-944r

Benzer Kayıtlar

High

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by t…

Medium

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces as…

Critical

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publi…

Low

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not…

Medium

CVE-2025-24798

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that…

Medium

CVE-2025-53637

Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_reques…