CVE-2025-24798

Exploit

EPSS 0.38%
Veröffentlicht 10.07.2025 21:22:30
Zuletzt bearbeitet 22.08.2025 16:02:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Meshtastic crashes via an unimplemented routing module reply

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Meshtastic ≫ Meshtastic Firmware Version >= 1.2.1 < 2.6.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.291

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/meshtastic/firmware/security/advisories/GHSA-4q84-546j-3mf5

Third Party Advisory

Exploit

https://github.com/meshtastic/firmware/commit/dc100e4d3e3dfbf58d3ead8141a49cddb0cbdc19

Patch

https://github.com/meshtastic/firmware/blob/cdcbf4c61550e45c125e17a20aff4275e9389655/src/modules/RoutingModule.cpp#L44-L48

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-24798

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24798

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24798

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-24798