CVE-2025-55293

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.3

Description: Meshtastic is a mesh networking solution. An attacker can send NodeInfo with an empty publicKey to bypass size checks, clearing the existing public key. Subsequently, a new key can be sent and stored in NodeDB, overwriting the legitimate key.

Recommendations: Update to version 2.6.3.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2025-55293

GHSA-95PQ-GJ5V-4FG2

Affected Products

Meshtastic

CVE-2025-55293

Weakness Enumeration

Related Identifiers

Affected Products

References · 12