Vulnerability in Meshtastic Firmware
CVE-2025-21608
Meshtastic is an open-source mesh networking solution. In affected firmware versions, crafted packets over MQTT can appear in the client as a DM to a node even though they were not decoded with PKC. This issue has been addressed in vers…
EPSS: 0.000 (12.3th percentile)
Affected products
- Meshtastic Firmware — versions >= 2.5.0, <= 2.5.18
Weakness classification (CWE)
References
- https://github.com/meshtastic/firmware/security/advisories/GHSA-c967-qc39-3hf5 (x_refsource_CONFIRM)