Buffer Overflow in Meshtastic Mesh Networking Solution
CVE-2025-24797

9.4CRITICAL

Key Information:

Vendor: Meshtastic
Status: Firmware
Vendor: CVE Published:; 15 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-24797?

The Meshtastic firmware, an open-source solution for mesh networking, is susceptible to a buffer overflow due to improper handling of mesh packets containing malformed protobuf data. This vulnerability allows an attacker to take control of execution flow on the device, posing a risk of remote code execution. Notably, this attack can be initiated without the need for authentication or user interaction, as long as the targeted device is configured to rebroadcast packets on the default channel. The issue has been addressed in version 2.6.2 of the firmware.

Affected Version(s)

firmware < 2.6.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-24797
Created by Alainx277

References

https://github.com/meshtastic/firmware/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Apr 17, 2025
👾
Exploit known to exist
Apr 17, 2025
Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Jan 23, 2025