CNNVD-202508-2038 Information

CNNVD ID

CNNVD-202508-2038

Related CVE

CVE-2025-55293

• CNNVD Published: 2025-08-18

Description (Chinese)

Meshtastic是Meshtastic开源的一种去中心化无线离网网状网络 LoRa 协议。 Meshtastic 2.6.3之前版本存在授权问题漏洞，该漏洞源于绕过公钥验证，可能导致密钥被恶意覆盖。

Description (English)

Meshtastic is a decentralised wireless network LoRA protocol that is an open source of Meshtastic. The previous version of Meshtastic 2.6.3 had a mandate gap, which stemmed from the circumvention of the public key certification, which could lead to maliciously covering the key.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

Meshtastic

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/meshtastic/firmware/pull/6372 https://github.com/meshtastic/firmware/security/advisories/GHSA-95pq-gj5v-4fg2 https://github.com/meshtastic/firmware/commit/cf7f0f9d0895602df3453a4f5cfea843f4e09744 https://nvd.nist.gov/vuln/detail/CVE-2025-55293

Patch

https://meshtastic.org/downloads/