CVE-2025-65822
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-12

Assigner: MITRE

Description
The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be executed upon running. As a result, the victim will lose access to the functionality of their device and the attack may gain unauthorized access to the victim's Wi-Fi network by re-connecting to the SSID defined in the NVS partition of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-11
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65822
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
espressif esp32 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1191 The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the ESP32 system on a chip (SoC) used in the Meatmeet Pro device, where the JTAG debugging interface is left enabled. An attacker with physical access can connect to the device via JTAG and reflash its firmware with malicious code, which will then execute when the device runs.

Impact Analysis

The impact includes loss of device functionality for the victim and potential unauthorized access to the victim's Wi-Fi network. The attacker can reflash the device firmware to connect to the SSID stored in the device's NVS partition, potentially compromising network security.

Mitigation Strategies

To mitigate this vulnerability, disable JTAG on the ESP32 device to prevent unauthorized physical access and firmware reflashing. Ensure physical security of the device to prevent attackers from connecting to the JTAG port.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65822. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart