Authentication Bypass Vulnerability in Meshtastic Networking Solution by Meshtastic
CVE-2025-55292

8.2HIGH

Key Information:

Vendor: Meshtastic
Status: Firmware
Vendor: CVE Published:; 27 January 2026

What is CVE-2025-55292?

The Meshtastic networking solution presents an authentication bypass vulnerability due to its architecture, where a Node is identified by a NodeID derived from the MAC address instead of its public key. This weakness allows an attacker to exploit the HAM mode, which lacks encryption, and forge NodeInfo for a victim node. By doing so, the attacker can manipulate NodeDB data and change node details, enabling ongoing attacks by repeatedly sending forged information. The issue compromises the confidentiality and authenticity of messaging within the mesh network. A solution is available in the latest firmware update.

Affected Version(s)

firmware <= 2.6.2

References

https://github.com/meshtastic/firmware/security/advisorie...

x_refsource_CONFIRM

https://github.com/meshtastic/firmware/commit/e5e8683cdba...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2026
Vulnerability Reserved
Aug 12, 2025

CVE-2025-55292 Data

JSON