PT-2025-6926 · Unknown · Meshtastic

Komelt · Published 2025-02-18 · Updated 2025-02-18 · CVE-2025-21608

CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.19
Description: Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets received over MQTT can be shown in a client as a direct message (DM) to a node even though they were not decoded with public key cryptography (PKC).
Recommendations: For versions prior to 2.5.19, upgrade to version 2.5.19 to resolve the issue. As a temporary workaround, consider restricting the use of the MQTT protocol until a patch is available. Avoid relying on PKC decoding for DM packets in the affected firmware versions until the issue is resolved.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2025-21608
GHSA-C967-QC39-3HF5

Affected Products

Meshtastic