CVE-2025-24797

Published Apr 15, 2025

Last updated 2 months ago

Overview

Description
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability is fixed in 2.6.2.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.4
Impact score
5.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-119

Social media

Hype score
Not currently trending
  1. Critical Meshtastic vulnerability CVE-2025-24797 fixed: RCE via malformed mesh packets https://t.co/KjmxSfkJhB As also mentioned in the article, this vulnerability exploits the characteristics of LoRa mesh networks, and multiple nodes

    @iototsecnews

    5 May 2025


  2. A critical vulnerability (CVE-2025-24797) in Meshtastic allows unauthenticated remote code execution via malformed packets. Upgrade to firmware 2.6.2 to secure devices. ⚠️ #Meshtastic #RCE #USA link: https://t.co/aAhT82Gl38 https://t.co/RLu8hWHXMM

    @TweetThreatNews

    21 Apr 2025


  3. 🚨 CVE-2025-24797 ⚠️🔴 CRITICAL (9.4) 🏢 meshtastic - firmware 🏗️ < 2.6.2 🔗 https://t.co/wURjqKVJpx #CyberCron #VulnAlert #InfoSec https://t.co/RYtn2kFqjA

    @cybercronai

    16 Apr 2025


  4. [CVE-2025-24797: CRITICAL] Warning: Cybersecurity risk in Meshtastic mesh networking software allows remote code execution via buffer overflow. Update to version 2.6.2 to fix this critical vulnerability.#cybersecurity,#vulnerability https://t.co/gRdK4wpHd9 https://t.co/dz0taSP9MP

    @CveFindCom

    15 Apr 2025


  5. CVE-2025-24797 Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled b… https://t.co/SuhfjxGtqJ

    @CVEnew

    14 Apr 2025
