CVE-2025-24798

Medium CVSS: 4.3

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2.

Vendor

Meshtastic

Product

Meshtastic Firmware

CWE

CWE-617

Yayın Tarihi

2025-07-10 22:15:24

Güncelleme

2025-08-22 16:02:31

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-617 Meshtastic Firmware MEDIUM Meshtastic 2025

Referanslar

https://github.com/meshtastic/firmware/blob/cdcbf4c61550e45c125e17a20aff4275e9389655/src/modules/RoutingModule.cpp#L44-L48 https://github.com/meshtastic/firmware/commit/dc100e4d3e3dfbf58d3ead8141a49cddb0cbdc19 https://github.com/meshtastic/firmware/security/advisories/GHSA-4q84-546j-3mf5

Benzer Kayıtlar

High

CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by t…

Medium

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces as…

Critical

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publi…

Low

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not…

Medium

CVE-2025-53637

Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_reques…

Critical

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure o…