- Description
- Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part, user-controlled input is interpolated unsafely into the code. If this were to be exploited, attackers could inject unauthorized code into the repository. This vulnerability is fixed in 2.6.6.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.1
- Impact score
- 1.4
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
- Severity
- MEDIUM
- security-advisories@github.com
- CWE-78
- Hype score
- Not currently trending
CVE-2025-53637 Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permission… https://t.co/p7IX2v3vBD
@CVEnew
11 Jul 2025
136 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53637 Meshtastic GitHub Action Remote Code Execution via Pull Request Injection https://t.co/7Lx6IHDAjG
@VulmonFeeds
11 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes