Unknown · Meshtastic · CVE-2025-55293
Name of the Vulnerable Software and Affected Versions:
Meshtastic versions prior to 2.6.3
Description:
Meshtastic is a mesh networking solution. An attacker can send `NodeInfo` with an empty `publicKey` to bypass size checks, clearing the existing public key. Subsequently, a new key can be sent and stored in `NodeDB`, overwriting the legitimate key.
Recommendations:
Update to version 2.6.3.