CVE-2025-24798
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-08-22
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meshtastic | meshtastic_firmware | From 1.2.1 (inc) to 2.6.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Meshtastic is triggered when a specially crafted packet with the want_response field set to true is sent to the routing module. The module crashes, causing a denial of service for nodes within range of the attacker, or via MQTT if downlink is enabled. It affects versions from 1.2.1 up to, but not including, 2.6.2, and is fixed in version 2.6.2.
How can this vulnerability impact me?
The vulnerability can cause a crash in the routing module of Meshtastic nodes, resulting in a degradation of service or denial of service for affected nodes. This means that communication within the mesh network can be disrupted by a malicious sender, potentially impacting network availability and reliability.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Meshtastic to version 2.6.2 or later, as this version contains the fix for the vulnerability that causes a crash when a packet with want_response==true is sent to the routing module.