CVE-2025-65829

Medium CVSS: 6.8

The ESP32 system on a chip (SoC) that powers the Meatmeet basestation device was found to lack Secure Boot. The Secure Boot feature ensures that only authenticated software can execute on the device. The Secure Boot process forms a chain of trust by verifying all mutable software entities involved in the Application Startup Flow. As a result, an attacker with physical access to the device can flash modified firmware to the device, resulting in the execution of malicious code upon startup.

Vendor

Meatmeet

Product

Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware

CWE

CWE-94

Yayın Tarihi

2025-12-10 21:16:08

Güncelleme

2025-12-30 18:56:15

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware MEDIUM Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-secure-boot-disabled-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/Secure-Boot-Disabled.md

Benzer Kayıtlar

Medium

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the applicati…

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Critical

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over…