CVE-2025-24798

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24798

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24798.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24798

Aliases

GHSA-4q84-546j-3mf5

Published

2025-07-10T21:22:30.299Z

Modified

2026-04-12T14:04:26.035495Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Meshtastic crashes via an unimplemented routing module reply

Details

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This vulnerability is fixed in 2.6.2.

Database specific

{
    "cwe_ids": [
        "CWE-617"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24798.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/meshtastic/firmware

Affected ranges

Type

GIT

Repo

https://github.com/meshtastic/firmware

Events

Introduced

531600f5ab026852cf72ce71f04ad9088309b81f

Fixed

31c0e8fa2ca0cce903e73749454324c672c18b4c

Database specific

{
    "versions": [
        {
            "introduced": "1.2.1"
        },
        {
            "fixed": "2.6.2"
        }
    ]
}

Affected versions

v1.*

v1.2.29.6c95659

v1.2.30.80e4bc6

v1.2.38.cf4e508

v1.2.39.06892c4

v1.2.41.32f3682

v1.2.44.f2c9c55

v1.2.47

v1.2.48.371335e

v1.2.49.5354c49

v1.2.50.41dcfdd

v1.2.51.f9ff06b

v1.2.52.b63802c

v1.2.53.19c1f9f

v1.2.54.288f2be

v1.2.55.9db7c62

v1.2.testing1

v1.3.10.4df0e91

v1.3.10.cc2a84a

v1.3.11.0411401

v1.3.12.6306c53

v1.3.13.71a43a9

v1.3.15.432d067

v1.3.16.97899ae

v1.3.17.c9822de

v1.3.19.3c6a2f7

v1.3.20.9a5ff93

v1.3.21.cf00ac5

v1.3.22.c725a6b

v1.3.23.5462d84

v1.3.24.dff6915

v1.3.25.85f46d3

v1.3.26.0010231

v1.3.27.c88ba58

v1.3.28.41f9541

v1.3.29.7afc149

v1.3.3.2fe124e

v1.3.30.9fe2ddb

v1.3.31.0084643

v1.3.32.7e6c22f

v1.3.33.ab0095c

v1.3.34.401b5d9

v1.3.35.3251cd5

v1.3.36.64f852e

v1.3.36.7e03019

v1.3.36.dd720f2

v1.3.37.97712a9

v1.3.38.1253abd

v1.3.39.ddc3727

v1.3.4.2b20bf3

v1.3.40.e87ecc2

v1.3.41.80ddb81

v1.3.42.9bd9252

v1.3.43.aae9d2f

v1.3.44.4fa8d02

v1.3.46.d4ea956

v1.3.47.05147c0

v1.3.48.82bcd39

v1.3.5.e5b19fd

v1.3.6.f511bab

v1.3.7.bb22b6e

v1.3.8.90df7c2

v1.3.9.92185e7

v2.*

v2.0.0.18ab874

v2.0.1.ad05b91

v2.0.10.e09b12c

v2.0.11.8914d1a

v2.0.12.2400dd4

v2.0.13.7e27729

v2.0.14.2baaad8

v2.0.15.aafbde0

v2.0.16.2242b68

v2.0.17.5d1c06b

v2.0.18.1a7991c

v2.0.19.3209aea

v2.0.2.8146e84

v2.0.20.7100416

v2.0.21.83e6cea

v2.0.22.fbfd0f1

v2.0.23.7bb281d

v2.0.3.09fe616

v2.0.6.97fd5cf

v2.0.7.91ff7b9

v2.0.8.090e166

v2.0.9.6ea0963

v2.1.0.331a1af

v2.1.1.dc2ca9c

v2.1.10.7ef12c7

v2.1.11.5ec624d

v2.1.12.7711b03

v2.1.13.7475c86

v2.1.14.99a31c1

v2.1.15.cd78723

v2.1.16.a2c5b92

v2.1.17.7ca2e81

v2.1.18.de53280

v2.1.19.eb7025f

v2.1.2.6d20215

v2.1.20.470363d

v2.1.21.97d7a89

v2.1.22.191a69d

v2.1.23.04bbdc6

v2.1.3.8c68d88

v2.1.4.958d2cf

v2.1.5.23272da

v2.1.6.5679a82

v2.1.7.242f880

v2.1.9.d43ddc9

v2.2.0.9f6584b

v2.2.1.fb5f2e4

v2.2.10.7cebd79

v2.2.11.10265aa

v2.2.12.092e6f2

v2.2.13.f570204

v2.2.14.57542ce

v2.2.15.31c4693

v2.2.16.1c6acfd

v2.2.17.dbac2b1

v2.2.18.e9bde80

v2.2.19.8f6a283

v2.2.2.f35c7be

v2.2.20.af5ac32

v2.2.21.7f7c5cb

v2.2.22.404d0dd

v2.2.23.5672e68

v2.2.24.e6a2c06

v2.2.3.282cc0b

v2.2.4.3bcab0e

v2.2.5.8255128

v2.2.6.b53cb38

v2.2.7.e8970ad

v2.2.8.61f6fb2

v2.2.9.47301a5

v2.3.0.5f47ca1

v2.3.1.4fa7f5a

v2.3.10.d19607b

v2.3.11.2740a56

v2.3.12.24458a7

v2.3.13.83f5ba0

v2.3.14.64531fa

v2.3.15.deb7c27

v2.3.2.63df972

v2.3.3.8187fa7

v2.3.4.ea61808

v2.3.5.2f9b68e

v2.3.6.7a3570a

v2.3.7.30fbcab

v2.3.8.d490a33

v2.3.9.f06c56a

v2.4.0.46d7b82

v2.4.1.394e0e1

v2.4.2.5b45303

v2.4.3.efc27f2

v2.5.0.33eb073

v2.5.0.9ac0e26

v2.5.0.9e55e6b

v2.5.0.ab7de7f

v2.5.0.d6dac17

v2.5.0.e470619

v2.5.10.0fc5c9b

v2.5.11.8e2a3e5

v2.5.12.aa184e6

v2.5.13.1a06f88

v2.5.13.295278b

v2.5.14.f2ee0df

v2.5.15.79da236

v2.5.16.f81d3b0

v2.5.17.b4b2fd6

v2.5.18.89ebafc

v2.5.19.d5cd6f8

v2.5.19.f9876cf

v2.5.2.771cb52

v2.5.20.4c97351

v2.5.21.447533a

v2.5.22.d1fa27d

v2.5.23.bf958ed

v2.5.3.a70d5ee

v2.5.4.8d288d5

v2.5.5.e182ae7

v2.5.6.d55c08d

v2.5.7.f77c87d

v2.5.8.6485f03

v2.5.9.936260f

v2.6.0.f7afa9a

v2.6.1.7c3edde

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24798.json"

vanir_signatures_modified

"2026-04-12T14:04:26Z"

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1758.0,
            "function_hash": "245210903505394026043325024741897715508"
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-11af00a1",
        "signature_type": "Function",
        "target": {
            "function": "esp32Setup",
            "file": "src/platform/esp32/main-esp32.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "61906178065152490745645933840680174577",
                "28946009239950095414879604145601960566",
                "60649532268409851977496238090324167516",
                "200634508803862953288748608943237796601",
                "244993196823156081938587012998377171933",
                "314997957164196178084788819934505000108",
                "274879986595756875548178437855315468027",
                "182270819984620945240112518637550383490",
                "131031132699406139319836751897879463449",
                "315061169634299417854061116329323171859",
                "13850273912623731527025627215546501489",
                "3732993753203446154982775224464466777",
                "57701735102792753932437450714014955231",
                "151727272169547227909156775003071831656",
                "158085038331930558469295460800969735618",
                "232610998719035549098107118297606687147",
                "131914005922832595584348032757712868036",
                "201421653561029527719338601750206488790",
                "83125320712499385149269695774695540630",
                "275419980576526112675236469812557313254"
            ]
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-2480b0c3",
        "signature_type": "Line",
        "target": {
            "file": "src/modules/AdminModule.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 6212.0,
            "function_hash": "108084095104954802032035129130168315302"
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-2f3989e5",
        "signature_type": "Function",
        "target": {
            "function": "NodeDB::installDefaultConfig",
            "file": "src/mesh/NodeDB.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "249284301546385323913208866798342752033",
                "148313737138677794687914364016057942736",
                "125503957719484020501243424300724351197",
                "190001140620202926798782202257677909227",
                "3052219449725424921911434118194674663",
                "326526716262538329982181416973430293668",
                "220183260852286607517051190966862909215",
                "66875154906076421416391399934220641088",
                "309957815677007174062473363833019292325",
                "185962665488891403066726700657332529563",
                "128188205448738089204241983939314957855",
                "307694384273612590918886186445643392808"
            ]
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-5291d4f9",
        "signature_type": "Line",
        "target": {
            "file": "src/platform/esp32/main-esp32.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "319846714653623395037710379554644507513",
                "293655723608504213056212379130841077548",
                "159552122833603300490442198778233625697",
                "192545791781481665433966103126359132349",
                "120863761192394302846507171525228177771",
                "185421457120135663455896398193937494855"
            ]
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-9f5505c9",
        "signature_type": "Line",
        "target": {
            "file": "src/mesh/NodeDB.cpp"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 12256.0,
            "function_hash": "273999714152949001576815024458923749623"
        },
        "source": "https://github.com/meshtastic/firmware/commit/31c0e8fa2ca0cce903e73749454324c672c18b4c",
        "id": "CVE-2025-24798-ccc3d79f",
        "signature_type": "Function",
        "target": {
            "function": "AdminModule::handleReceivedProtobuf",
            "file": "src/modules/AdminModule.cpp"
        }
    }
]