CVE-2025-65829
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-30
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meatmeet | meatmeet_pro_wifi_\&_bluetooth_meat_thermometer_firmware | 1.0.34.4 |
| meatmeet | meatmeet_pro_wifi_\&_bluetooth_meat_thermometer | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the ESP32 system on a chip (SoC) used in the Meatmeet basestation device lacks Secure Boot. Secure Boot is a security feature that ensures only authenticated software can run on the device by verifying all software components during startup. Without Secure Boot, an attacker with physical access can flash modified firmware onto the device, causing it to execute malicious code when it starts up.
How can this vulnerability impact me?
The vulnerability allows an attacker with physical access to the Meatmeet basestation device to install and run malicious firmware. This can lead to unauthorized control of the device, potential data breaches, disruption of device functionality, and compromise of any systems or networks connected to the device.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, enable Secure Boot on the ESP32 system to ensure that only authenticated software can execute on the device. This prevents attackers with physical access from flashing modified firmware and executing malicious code upon startup.