CVE-2025-53627
Encryption Downgrade Vulnerability in Meshtastic Firmware Direct Messages
Publication date: 2025-12-29
Last updated on: 2026-02-26
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meshtastic | meshtastic_firmware | From 2.5.0 (inc) to 2.7.15 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Meshtastic firmware arises because, when the 'pki_encrypted' flag is missing, the firmware falls back to legacy AES-256-CTR channel encryption instead of the intended asymmetric PKI encryption for direct messages. End-user applications cannot distinguish messages encrypted with PKI from those using legacy encryption, so an attacker who knows the shared channel key can perform a downgrade attack by crafting and injecting spoofed direct messages that appear to be PKI-encrypted, misleading users about the true security of their messages.
How can this vulnerability impact me?
This vulnerability can impact users by allowing adversaries who know the shared channel key to inject spoofed direct messages that appear to be securely encrypted with PKI but are actually encrypted with weaker legacy encryption. This undermines the security guarantees of end-to-end encryption, potentially leading to message spoofing and deception without users being aware that the messages are not properly secured.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Meshtastic firmware to version 2.7.15 or later, which fixes the issue by properly differentiating between PKI encrypted and legacy encrypted direct messages, thereby preventing the downgrade attack.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring direct messages (DMs) on portnum 4 (TEXT_MESSAGE_APP) over LoRa or MQTT and checking whether messages are being decrypted with legacy AES-256-CTR channel encryption instead of PKI encryption. Specifically, capture MeshPackets addressed to your node and inspect whether the pki_encrypted flag is missing or false, which indicates the fallback to legacy encryption. To detect potential spoofed messages, analyze traffic for packets encrypted with the known symmetric channel key but lacking the pki_encrypted flag. In practice this means capturing LoRa or MQTT traffic on portnum 4 and decrypting payloads with both the PKI keys and the symmetric AES-256-CTR key to identify fallback decryptions, for example with a packet capture tool that filters on portnum 4 and a custom script that checks the pki_encrypted flag and the encryption type. However, no specific commands are provided in the resources. [1]
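As an added example (not part of this record or of the Meshtastic project), the check described above applied to already-decoded packets: a small Python triage that treats a DM addressed to our node as a downgrade candidate when its pki_encrypted flag is absent or false, and labels each message by the transport it actually used. Packets are dicts modelled on the MeshPacket fields named on this page; the node numbers and the sample capture are constructed.

```python
# Triage of decoded Meshtastic packets for the pki_encrypted downgrade. Packets
# are dicts modelled on MeshPacket fields (id, from, to, pki_encrypted); every
# node number and packet below is constructed.
from dataclasses import dataclass

BROADCAST_ADDR = 0xFFFFFFFF   # Meshtastic broadcast destination
MY_NODE = 0x1A2B3C4D          # constructed: our own node number


@dataclass(frozen=True)
class Finding:
    packet_id: int
    sender: int
    transport: str   # "pki" | "legacy" | "not-a-dm"


def classify(pkt: dict) -> Finding:
    """The check from the Q&A: a unicast addressed to us whose pki_encrypted
    flag is missing or false was handled by the legacy AES-256-CTR path."""
    if pkt["to"] != MY_NODE:
        return Finding(pkt["id"], pkt["from"], "not-a-dm")
    # .get() with a False default: the fallback is triggered by an ABSENT flag,
    # so a missing field must be treated exactly like pki_encrypted=False.
    transport = "pki" if pkt.get("pki_encrypted", False) else "legacy"
    return Finding(pkt["id"], pkt["from"], transport)


def label_for_user(pkt: dict) -> str:
    """What the app should show instead of one undifferentiated 'DM':
    the transport the message actually arrived over."""
    return {"pki": "DM (PKI)", "legacy": "DM (channel key only)"}.get(
        classify(pkt).transport, "not a DM")


def downgrade_candidates(packets: list) -> list:
    """Ids a LoRa/MQTT monitor should alert on: DMs to us that lack the flag."""
    return [f.packet_id for f in map(classify, packets) if f.transport == "legacy"]


# Constructed sample capture: a PKI DM, a DM with the flag absent, a DM with
# the flag explicitly false, and a broadcast (channel traffic, not a DM).
SAMPLE_PACKETS = [
    {"id": 101, "from": 0x0BADF00D, "to": MY_NODE, "pki_encrypted": True},
    {"id": 102, "from": 0x0BADF00D, "to": MY_NODE},
    {"id": 103, "from": 0x00C0FFEE, "to": MY_NODE, "pki_encrypted": False},
    {"id": 104, "from": 0x0BADF00D, "to": BROADCAST_ADDR, "pki_encrypted": False},
]
```

Running `downgrade_candidates(SAMPLE_PACKETS)` on this capture flags packets 102 and 103, the two DMs that never carried a true pki_encrypted flag.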