Vulnerability cyber

Meshtastic

Jun 23, 2025 1 min read
Meshtastic

Meshtastic firmware above v2.5.0 has a severe security flaw allowing attackers to decrypt private messages. Duplicate cryptographic keys and poor randomness in key generation created predictable, compromised keys across devices. Attackers can read encrypted messages and gain unauthorized admin access to mesh network nodes. Update to v2.6.11 immediately and perform factory reset using meshtastic --factory-reset-device command.

Source: https://cybersecuritynews.com/meshtastic-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/meshtastic

"id": "mes303062325",
"linkid": "meshtastic",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Meshtastic',
                        'type': 'Software'}],
 'attack_vector': ['Key Pair Duplication', 'Low-Entropy Key Generation'],
 'data_breach': {'data_encryption': 'Compromised',
                 'type_of_data_compromised': 'Private messages'},
 'description': 'A critical security vulnerability has been discovered in '
                'Meshtastic firmware that could allow attackers to decrypt '
                'private messages sent between devices. The flaw, assigned a '
                'CVSS score of 9.5 out of 10, affects all versions above 2.5.0 '
                'and stems from repeated public/private key pairs generated '
                'during hardware flashing procedures.',
 'impact': {'data_compromised': 'Private messages',
            'systems_affected': 'Meshtastic mesh network nodes'},
 'motivation': 'Unauthorized access to encrypted messages and admin control',
 'post_incident_analysis': {'corrective_actions': ['Update to v2.6.11',
                                                   'Factory reset',
                                                   'Generate high-entropy '
                                                   'keys'],
                            'root_causes': ['Duplicate cryptographic keys',
                                            'Poor randomness in key '
                                            'generation']},
 'recommendations': 'Immediate update to v2.6.11, perform factory reset, '
                    'generate high-entropy keys using OpenSSL',
 'response': {'containment_measures': 'Factory reset using meshtastic '
                                      '--factory-reset-device command',
              'remediation_measures': 'Update to v2.6.11'},
 'threat_actor': 'Unknown',
 'title': 'Meshtastic Firmware Security Flaw',
 'type': 'Security Vulnerability',
 'vulnerability_exploited': 'Cryptographic Implementation Flaws'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.