Home > Vulnerability Database > CVE-2025-21608

Mend.io Vulnerability Database

CVE-2025-21608

Date: February 18, 2025

Meshtastic is an open source mesh networking solution. In affected firmware versions crafted packets over MQTT are able to appear as a DM in client to a node even though they were not decoded with PKC. This issue has been addressed in version 2.5.19 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

5.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-21608

Url: https://github.com/meshtastic/firmware/security/advisories/GHSA-c967-qc39-3hf5

Url: https://www.mend.io/vulnerability-database/CVE-2025-21608

Severity Score

5.3

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-21608

Date: February 18, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?