CNNVD-202512-4955 Information

CNNVD ID

CNNVD-202512-4955

CVE-2025-53627

  • CNNVD Published: 2025-12-29

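Description (translated from Chinese)

Meshtastic is a decentralized, off-grid wireless mesh networking protocol over LoRa, open-sourced by Meshtastic. Meshtastic versions from 2.5 up to, but not including, 2.7.15 contain a security vulnerability that stems from a downgrade attack path when the PKI encryption flag is missing, which may allow an attacker to inject forged direct messages.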

Description (English)

Meshtastic is an open-source, decentralised wireless mesh networking protocol based on LoRa, developed by Meshtastic. Versions from 2.5 up to, but not including, 2.7.15 contain a security vulnerability that stems from a downgrade attack path when the PKI encryption flag is absent, which could allow attackers to inject forged direct messages.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Meshtastic

Published

2025-12-29

Last Modified

2026-02-24

References

https://github.com/meshtastic/firmware/security/advisories/GHSA-377p-prwp-4hwf

https://access.redhat.com/security/cve/cve-2025-53627

Patch

https://meshtastic.org/downloads/
