CVE-2025-55293
BaseFortify

Publication date: 2025-08-18

Last updated on: 2025-10-17

Assigner: GitHub, Inc.

Description
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. Sending an empty key first bypasses 'if (p.public_key.size > 0) {', clearing the existing publicKey (and resetting the size to 0) for a known node. A new key then bypasses 'if (info->user.public_key.size > 0) {', and this malicious key is stored in NodeDB. This vulnerability is fixed in 2.6.3.
Meta Information
Published: 2025-08-18
Last Modified: 2025-10-17
Generated: 2026-05-06
AI Q&A: 2025-08-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| meshtastic | meshtastic_firmware | to 2.6.3 (exc) |
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-55293 is a critical vulnerability in the Meshtastic firmware prior to version 2.6.3. It allows an attacker to overwrite a node's stored public key in the NodeDB by exploiting how NodeInfo packets are handled. The attacker first sends a NodeInfo packet with an empty publicKey, which clears the existing key for a known node by resetting its size to zero. Then, the attacker sends another NodeInfo packet with a malicious new publicKey, which is accepted and stored because the previous key was cleared. This flaw arises because the code does not properly prevent overwriting when an empty key is sent first, allowing unauthorized replacement of cryptographic keys in the mesh network. [2, 3]


How can this vulnerability impact me?

This vulnerability can severely impact the security of your mesh network by allowing an attacker with network access to replace any node's public key without any privileges or user interaction. This unauthorized key replacement compromises confidentiality and integrity, as the attacker can impersonate nodes or intercept and manipulate communications. The availability impact is low, but the ability to maliciously modify cryptographic keys undermines trust and security of the entire network. [3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring for suspicious NodeInfo packets that first send an empty publicKey followed by a malicious publicKey to overwrite existing keys in the NodeDB. Since the vulnerability is exploited via network messages, you can capture and analyze network traffic to identify such sequences. Using packet capture tools like tcpdump or Wireshark, filter for NodeInfo messages and inspect the publicKey fields for empty followed by non-empty keys from the same node. Example command to capture traffic on the relevant interface: `tcpdump -i <interface> -w capture.pcap` followed by analysis in Wireshark to look for NodeInfo packets with empty then replaced publicKey fields. Additionally, reviewing logs from Meshtastic nodes for messages indicating public key updates or anomalies may help detect exploitation attempts. However, no specific built-in commands or signatures are provided in the resources. [2, 3]
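
As an added example (not part of the original page and not Meshtastic code), the sequence check described above can be run over NodeInfo observations that have already been decoded from a capture or node log. The record fields, node IDs, keys and the 600-second window are constructed assumptions, and the baseline is simply the first non-empty key seen for each node.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NodeInfoObs:
    """One decoded NodeInfo observation (field names are assumptions)."""
    ts: float          # capture time, seconds
    node_id: str       # sender node id
    public_key: bytes  # b"" when the publicKey field is empty

def find_key_overwrites(observations, window=600.0):
    """Return (ts, node_id, kind) alerts for empty-key and key-change NodeInfo.

    The first non-empty key seen for a node is the baseline. It is never
    replaced here, so a changed key keeps alerting until someone reviews it.
    """
    baseline = {}    # node_id -> first non-empty key seen
    last_empty = {}  # node_id -> time of last empty-key NodeInfo
    alerts = []
    for obs in sorted(observations, key=lambda o: o.ts):
        known = baseline.get(obs.node_id)
        if not obs.public_key:
            if known is not None:  # empty key for a node whose key is known
                last_empty[obs.node_id] = obs.ts
                alerts.append((obs.ts, obs.node_id, "empty-key-for-known-node"))
            continue
        if known is None:
            baseline[obs.node_id] = obs.public_key
        elif obs.public_key != known:
            cleared = last_empty.get(obs.node_id)
            recent = cleared is not None and obs.ts - cleared <= window
            kind = "key-replaced-after-empty" if recent else "key-changed"
            alerts.append((obs.ts, obs.node_id, kind))
    return alerts

# Constructed sample data, not taken from a real capture.
KEY_A = bytes(range(32))
KEY_B = bytes(range(32, 64))
KEY_OTHER = bytes([0xEE]) * 32
SAMPLE = [
    NodeInfoObs(0.0, "!a1b2c3d4", KEY_A),
    NodeInfoObs(5.0, "!0badf00d", KEY_B),
    NodeInfoObs(60.0, "!a1b2c3d4", KEY_A),       # normal re-announcement
    NodeInfoObs(120.0, "!a1b2c3d4", b""),        # empty key for a known node
    NodeInfoObs(121.5, "!a1b2c3d4", KEY_OTHER),  # different key right after
    NodeInfoObs(300.0, "!0badf00d", KEY_B),
]

if __name__ == "__main__":
    for alert in find_key_overwrites(SAMPLE):
        print(alert)
```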


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Meshtastic firmware to version 2.6.3 or later, where the vulnerability is fixed. The fix prevents the overwriting of existing public keys by rejecting empty publicKey messages that would clear stored keys, thereby blocking the exploit. Until the upgrade is applied, restrict network access to trusted nodes only to reduce exposure to remote attackers. Monitoring and alerting on suspicious NodeInfo packets may also help mitigate risk. Applying the official patch or firmware update is the recommended and effective mitigation. [1, 2, 3]

