Meshtastic Meshtastic Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Meshtastic Meshtastic Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2025-55293 — CVSS 9.4 (critical): Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then…
CVE-2025-24797 — CVSS 9.4 (critical): Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result…
CVE-2025-52464 — CVSS 8.3 (high): Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware…
CVE-2025-55292 — CVSS 8.2 (high): Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID…
CVE-2024-47078 — CVSS 8.1 (high): Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a…
CVE-2024-45038 — CVSS 7.5 (high): Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run…
CVE-2024-47065 — CVSS 6.5 (medium): Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited…
CVE-2024-47079 — CVSS 6.4 (medium): Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is…
CVE-2025-21608 — CVSS 5.3 (medium): Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM…
CVE-2025-53627 — CVSS 5.3 (medium): Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption…
CVE-2024-51500 — CVSS 5.3 (medium): Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from…
CVE-2025-24798 — CVSS 4.3 (medium): Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains…
CVE-2025-53637 — CVSS 4.1 (medium): Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event…