CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-65821

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to reflash the device with their own firmware which may contain malicious modifications.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.8%

CVSS Severity

CVSS v3 Score 7.5

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-uart-download-mode-enabled-md
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/UART-Download-Mode-Enabled.md

Products affected by CVE-2025-65821

Meatmeet » Meatmeet Pro Wifi & Bluetooth Meat Thermometer » Version: N/A

cpe:2.3:h:meatmeet:meatmeet_pro_wifi_&_bluetooth_meat_thermometer:-
Meatmeet » Meatmeet Pro Wifi & Bluetooth Meat Thermometer Firmware » Version: 1.0.34.4

cpe:2.3:o:meatmeet:meatmeet_pro_wifi_&_bluetooth_meat_thermometer_firmware:1.0.34.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-65821

Products

Pricing

Contact Us