CVE-2025-52464

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-52464
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52464.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-52464
Aliases
  • GHSA-gq7v-jr8c-mfr7
Published
2025-06-19T16:15:22Z
Modified
2025-06-26T21:04:47.640399Z
Summary
[none]
Details

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors resulted in duplicated public/private keys. Additionally, Meshtastic failed to properly initialize the internal randomness pool on some platforms, leading to possible low-entropy key generation. When users with an affected key pair sent Direct Messages, those messages could be captured and decrypted by an attacker who has compiled the list of compromised keys. This issue has been patched in version 2.6.11, where key generation is delayed until the first time the LoRa region is set and users are warned when a compromised key is detected. Version 2.6.12 furthers this patch by automatically wiping known compromised keys when found. As a workaround, users can do a complete device wipe to remove vendor-cloned keys.

Affected packages

Git / github.com/meshtastic/firmware

Affected ranges

Type
GIT
Repo
https://github.com/meshtastic/firmware

Affected versions

0.*

0.0.3
0.0.4
0.0.5
0.0.9
0.1.0
0.1.10
0.1.3
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.3
0.4.1
0.4.2
0.4.3
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.7
0.6.8
0.7.10
0.7.11
0.7.4
0.7.5
0.7.6
0.7.6b
0.7.7
0.7.8
0.7.9
0.8.1
0.8.1-fixed
0.8.2
0.9.1
0.9.2
0.9.3
0.9.5
0.9.6
0.9.7

1.*

1.0.0
1.1.0
1.1.1
1.1.2
1.1.20
1.1.23
1.1.3
1.1.30
1.1.31
1.1.32
1.1.33
1.1.4
1.1.42
1.1.46
1.1.47
1.1.48
1.1.5
1.1.50
1.1.6
1.1.7
1.1.8
1.2.1
1.2.10
1.2.11
1.2.13
1.2.16
1.2.17
1.2.20
1.2.23
1.2.25
1.2.28
1.2.4
1.2.5
1.2.6
1.2.9

v1.*

v1.2.29.6c95659
v1.2.30.80e4bc6
v1.2.38.451b085
v1.2.38.cf4e508
v1.2.39.06892c4
v1.2.41.32f3682
v1.2.42.2759c8d
v1.2.43.a405d81
v1.2.44.f2c9c55
v1.2.46.dce2fe4
v1.2.47
v1.2.48.371335e
v1.2.49.5354c49
v1.2.50.41dcfdd
v1.2.51.f9ff06b
v1.2.52.b63802c
v1.2.53.19c1f9f
v1.2.54.288f2be
v1.2.55.9db7c62
v1.2.testing1
v1.3.10.4df0e91
v1.3.10.cc2a84a
v1.3.11.0411401
v1.3.12.6306c53
v1.3.13.71a43a9
v1.3.15.432d067
v1.3.16.97899ae
v1.3.17.c9822de
v1.3.19.3c6a2f7
v1.3.20.9a5ff93
v1.3.21.cf00ac5
v1.3.22.c725a6b
v1.3.23.5462d84
v1.3.24.dff6915
v1.3.25.85f46d3
v1.3.26.0010231
v1.3.27.c88ba58
v1.3.28.41f9541
v1.3.29.7afc149
v1.3.3.2fe124e
v1.3.30.9fe2ddb
v1.3.31.0084643
v1.3.32.7e6c22f
v1.3.33.ab0095c
v1.3.34.401b5d9
v1.3.35.3251cd5
v1.3.36.64f852e
v1.3.36.7e03019
v1.3.36.dd720f2
v1.3.37.97712a9
v1.3.38.1253abd
v1.3.39.ddc3727
v1.3.4.2b20bf3
v1.3.40.e87ecc2
v1.3.41.80ddb81
v1.3.42.9bd9252
v1.3.43.aae9d2f
v1.3.44.4fa8d02
v1.3.45.b0d0552
v1.3.46.d4ea956
v1.3.47.05147c0
v1.3.48.82bcd39
v1.3.5.e5b19fd
v1.3.6.f511bab
v1.3.7.bb22b6e
v1.3.8.90df7c2
v1.3.9.92185e7

v2.*

v2.0.0.18ab874
v2.0.1.ad05b91
v2.0.10.e09b12c
v2.0.11.8914d1a
v2.0.12.2400dd4
v2.0.13.7e27729
v2.0.14.2baaad8
v2.0.15.aafbde0
v2.0.16.2242b68
v2.0.17.5d1c06b
v2.0.18.1a7991c
v2.0.19.3209aea
v2.0.2.8146e84
v2.0.20.7100416
v2.0.21.83e6cea
v2.0.22.fbfd0f1
v2.0.23.7bb281d
v2.0.3.09fe616
v2.0.4.5417671
v2.0.5.65e8209
v2.0.6.97fd5cf
v2.0.7.91ff7b9
v2.0.8.090e166
v2.0.9.6ea0963
v2.1.0.331a1af
v2.1.1.dc2ca9c
v2.1.10.7ef12c7
v2.1.11.5ec624d
v2.1.12.7711b03
v2.1.13.7475c86
v2.1.14.99a31c1
v2.1.15.cd78723
v2.1.16.a2c5b92
v2.1.17.7ca2e81
v2.1.18.de53280
v2.1.19.eb7025f
v2.1.2.6d20215
v2.1.20.470363d
v2.1.21.97d7a89
v2.1.22.191a69d
v2.1.23.04bbdc6
v2.1.3.8c68d88
v2.1.4.958d2cf
v2.1.5.23272da
v2.1.6.5679a82
v2.1.7.242f880
v2.1.8.ee971e3
v2.1.9.d43ddc9
v2.2.0.9f6584b
v2.2.1.fb5f2e4
v2.2.10.7cebd79
v2.2.11.10265aa
v2.2.12.092e6f2
v2.2.13.f570204
v2.2.14.57542ce
v2.2.15.31c4693
v2.2.16.1c6acfd
v2.2.17.dbac2b1
v2.2.18.e9bde80
v2.2.19.8f6a283
v2.2.2.f35c7be
v2.2.20.af5ac32
v2.2.21.7f7c5cb
v2.2.22.404d0dd
v2.2.23.5672e68
v2.2.24.e6a2c06
v2.2.3.282cc0b
v2.2.4.3bcab0e
v2.2.5.8255128
v2.2.6.b53cb38
v2.2.7.e8970ad
v2.2.8.61f6fb2
v2.2.9.47301a5
v2.3.0.5f47ca1
v2.3.1.4fa7f5a
v2.3.10.d19607b
v2.3.11.2740a56
v2.3.12.24458a7
v2.3.13.83f5ba0
v2.3.14.64531fa
v2.3.15.deb7c27
v2.3.2.63df972
v2.3.3.8187fa7
v2.3.4.ea61808
v2.3.5.2f9b68e
v2.3.6.7a3570a
v2.3.7.30fbcab
v2.3.8.d490a33
v2.3.9.f06c56a
v2.4.0.46d7b82
v2.4.1.394e0e1
v2.4.2.5b45303
v2.4.3.efc27f2
v2.5.0.33eb073
v2.5.0.9ac0e26
v2.5.0.9e55e6b
v2.5.0.ab7de7f
v2.5.0.d6dac17
v2.5.0.e470619
v2.5.10.0fc5c9b
v2.5.11.8e2a3e5
v2.5.12.aa184e6
v2.5.13.1a06f88
v2.5.13.295278b
v2.5.14.f2ee0df
v2.5.15.79da236
v2.5.16.f81d3b0
v2.5.17.b4b2fd6
v2.5.18.89ebafc
v2.5.19.d5cd6f8
v2.5.19.f9876cf
v2.5.2.771cb52
v2.5.20.4c97351
v2.5.21.447533a
v2.5.22.d1fa27d
v2.5.23.bf958ed
v2.5.3.a70d5ee
v2.5.4.8d288d5
v2.5.5.e182ae7
v2.5.6.d55c08d
v2.5.7.f77c87d
v2.5.8.6485f03
v2.5.9.936260f
v2.6.0.f7afa9a
v2.6.1.7c3edde
v2.6.10.9ce4455
v2.6.2.31c0e8f
v2.6.3.640e731
v2.6.3.d28af68
v2.6.4.b89355f
v2.6.5.fc3d9f2
v2.6.6.54c1423
v2.6.7.2d6181f
v2.6.8.ef9d0d7
v2.6.9.f223b8a