CVE-2025-53637

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.6

Description: Meshtastic is an open source mesh networking solution. The main matrix.yml GitHub Action is triggered by the pull request target event, which has extensive permissions and can be initiated by an attacker who has forked the repository and created a pull request. In the shell code execution part, user-controlled input is interpolated unsafely into the code. If exploited, attackers could inject unauthorized code into the repository.

Recommendations: Update to version 2.6.6 or later.