Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets sent over MQTT can appear in the client as a direct message (DM) to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19, and all users are advised to upgrade. There are no known workarounds for this vulnerability.
                
History
Tue, 23 Sep 2025 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Meshtastic meshtastic Firmware | |
| CPEs | cpe:2.3:o:meshtastic:meshtastic_firmware:*:*:*:*:*:*:*:* | |
| Vendors & Products | Meshtastic meshtastic Firmware | |
| Metrics | cvssV3_1 | |
Wed, 19 Feb 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Tue, 18 Feb 2025 18:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |
| Title | Forged packets over MQTT can show up in direct messages in Meshtastic firmware | |
| Weaknesses | CWE-668 | |
| References |  | |
| Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-02-18T18:17:28.752Z
Updated: 2025-02-19T15:16:07.151Z
Reserved: 2024-12-29T03:00:24.712Z
Link: CVE-2025-21608

Vulnrichment
Updated: 2025-02-19T14:44:15.425Z

NVD
Status: Analyzed
Published: 2025-02-18T19:15:25.220
Modified: 2025-09-23T19:20:35.733
Link: CVE-2025-21608

Redhat
No data.