Primary

Context

Meshtastic MQTT Packet Forgery Vulnerability Leading to Unauthorized Direct Messages

Vulnerability

A vulnerability in Meshtastic firmware versions 2.5.0 through 2.5.18 allows crafted packets over MQTT to be delivered as direct messages to a client node, bypassing proper decoding with public key cryptography. This issue has been addressed in version 2.5.19. There are no known workarounds.

Impact

Exploitation of this vulnerability allows for unauthorized direct messages to be sent to a client node, potentially leading to misinformation or disruption of communication.

Remediation

Users are advised to upgrade to version 2.5.19.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Meshtastic MQTT Packet Forgery Vulnerability Leading to Unauthorized Direct Messages

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating