CVE-2025-65824
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-12
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meatmeet | device | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an unauthenticated attacker who is physically close to the Meatmeet device to perform an unauthorized Over The Air (OTA) firmware upgrade via Bluetooth Low Energy (BLE). Because the device does not verify the authenticity of firmware upgrades, the attacker can overwrite the device's firmware with malicious code, leading to Remote Code Execution (RCE) on the device.
How can this vulnerability impact me?
An attacker can gain remote code execution on the Meatmeet device, effectively taking full control of it. The victim completely loses access to their device, which could disrupt its intended functionality and potentially lead to further security risks depending on the device's use.