Vulnerability Details CVE-2025-24798
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.1%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-24798
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.1
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.10
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.11
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.13
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.16
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.17
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.20
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.23
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.25
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.28
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.4
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.5
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.6
-
cpe:2.3:o:meshtastic:meshtastic_firmware:1.2.9
-
cpe:2.3:o:meshtastic:meshtastic_firmware:2.4.1
-
cpe:2.3:o:meshtastic:meshtastic_firmware:2.5.0
-
cpe:2.3:o:meshtastic:meshtastic_firmware:2.5.1
-
cpe:2.3:o:meshtastic:meshtastic_firmware:2.5.19
-
cpe:2.3:o:meshtastic:meshtastic_firmware:2.5.6