Vulnerability in Meshtastic Firmware
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure used by several hardware vendors resulted in duplicated public/private keys. Additionally, the Meshtastic was failing to…
EPSS: 0.003 (50.6th percentile)
Affected products
- Meshtastic Firmware — versions > 2.5.0, < 2.6.11
Weakness classification (CWE)
References
- https://github.com/meshtastic/firmware/security/advisories/GHSA-gq7v-jr8c-mfr7 (x_refsource_CONFIRM)
- https://github.com/meshtastic/firmware/commit/4bf2dd04aeeccc4ba20c79bcaad7a572aabdecad (x_refsource_MISC)
- https://github.com/meshtastic/firmware/commit/55b2bbf93756fc7bbbfdbc7cbf29f88e6b637f22 (x_refsource_MISC)
- https://github.com/meshtastic/firmware/commit/e5f6804421ac4b76dd31980250a505dba24c2aa6 (x_refsource_MISC)
- https://github.com/meshtastic/firmware/commit/e623c70bd0c2ab9db9baf04888e19d1428310bb9 (x_refsource_MISC)