CVE-2025-24797

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Meshtastic versions prior to 2.6.2

Description Meshtastic is an open source mesh networking solution. A flaw in processing mesh packets with invalid protobuf data can lead to an attacker-controlled buffer overflow, potentially allowing an attacker to hijack execution flow and achieve remote code execution. This attack does not require authentication or user interaction, provided the target device rebroadcasts packets on the default channel.

Recommendations Update to version 2.6.2 to address the issue.

Exploit

Fix

RCE

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-119

Related Identifiers

BDU:2025-04856

CVE-2025-24797

GHSA-33HW-XHFH-944R

Affected Products

Meshtastic

CVE-2025-24797

Weakness Enumeration

Related Identifiers

Affected Products

References · 23