meshtastic firmware Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of meshtastic firmware's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical3

High3

Medium6

Low1

In CISA’s Known Exploited Vulnerabilities catalog

None of meshtastic firmware's CVEs are currently listed in CISA's KEV catalog.

Public exploits

7 of meshtastic firmware's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every meshtastic firmware version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v1.2.29.6c956598 CVEs
v1.2.30.80e4bc68 CVEs
v1.2.38.cf4e5088 CVEs
v1.2.39.06892c48 CVEs
v1.2.41.32f36828 CVEs
v1.2.44.f2c9c558 CVEs
v1.2.478 CVEs
v1.2.48.371335e8 CVEs
v1.2.49.5354c498 CVEs
v1.2.50.41dcfdd8 CVEs
v1.2.51.f9ff06b8 CVEs
v1.2.52.b63802c8 CVEs
v1.2.53.19c1f9f8 CVEs
v1.2.54.288f2be8 CVEs
v1.2.55.9db7c628 CVEs
v1.2.testing18 CVEs
v1.3.10.4df0e918 CVEs
v1.3.10.cc2a84a8 CVEs
v1.3.11.04114018 CVEs
v1.3.12.6306c538 CVEs
v1.3.13.71a43a98 CVEs
v1.3.15.432d0678 CVEs
v1.3.16.97899ae8 CVEs
v1.3.17.c9822de8 CVEs
v1.3.19.3c6a2f78 CVEs
v1.3.20.9a5ff938 CVEs
v1.3.21.cf00ac58 CVEs
v1.3.22.c725a6b8 CVEs
v1.3.23.5462d848 CVEs
v1.3.24.dff69158 CVEs
v1.3.25.85f46d38 CVEs
v1.3.26.00102318 CVEs
v1.3.27.c88ba588 CVEs
v1.3.28.41f95418 CVEs
v1.3.29.7afc1498 CVEs
v1.3.3.2fe124e8 CVEs
v1.3.30.9fe2ddb8 CVEs
v1.3.31.00846438 CVEs
v1.3.32.7e6c22f8 CVEs
v1.3.33.ab0095c8 CVEs
v1.3.34.401b5d98 CVEs
v1.3.35.3251cd58 CVEs
v1.3.36.64f852e8 CVEs
v1.3.36.7e030198 CVEs
v1.3.36.dd720f28 CVEs
v1.3.37.97712a98 CVEs
v1.3.38.1253abd8 CVEs
v1.3.39.ddc37278 CVEs
v1.3.4.2b20bf38 CVEs
v1.3.40.e87ecc28 CVEs
v1.3.41.80ddb818 CVEs
v1.3.42.9bd92528 CVEs
v1.3.43.aae9d2f8 CVEs
v1.3.44.4fa8d028 CVEs
v1.3.46.d4ea9568 CVEs
v1.3.47.05147c08 CVEs
v1.3.48.82bcd398 CVEs
v1.3.5.e5b19fd8 CVEs
v1.3.6.f511bab8 CVEs
v1.3.7.bb22b6e8 CVEs
v1.3.8.90df7c28 CVEs
v1.3.9.92185e78 CVEs
v2.0.0.18ab8748 CVEs
v2.0.1.ad05b918 CVEs
v2.0.10.e09b12c8 CVEs
v2.0.11.8914d1a8 CVEs
v2.0.12.2400dd48 CVEs
v2.0.13.7e277298 CVEs
v2.0.14.2baaad88 CVEs
v2.0.15.aafbde08 CVEs
v2.0.16.2242b688 CVEs
v2.0.17.5d1c06b8 CVEs
v2.0.18.1a7991c8 CVEs
v2.0.19.3209aea8 CVEs
v2.0.2.8146e848 CVEs
v2.0.20.71004168 CVEs
v2.0.21.83e6cea8 CVEs
v2.0.22.fbfd0f18 CVEs
v2.0.23.7bb281d8 CVEs
v2.0.3.09fe6168 CVEs
v2.0.6.97fd5cf8 CVEs
v2.0.7.91ff7b98 CVEs
v2.0.8.090e1668 CVEs
v2.0.9.6ea09638 CVEs
v2.1.0.331a1af8 CVEs
v2.1.1.dc2ca9c8 CVEs
v2.1.10.7ef12c78 CVEs
v2.1.11.5ec624d8 CVEs
v2.1.12.7711b038 CVEs
v2.1.13.7475c868 CVEs
v2.1.14.99a31c18 CVEs
v2.1.15.cd787238 CVEs
v2.1.16.a2c5b928 CVEs
v2.1.17.7ca2e818 CVEs
v2.1.18.de532808 CVEs
v2.1.19.eb7025f8 CVEs
v2.1.2.6d202158 CVEs
v2.1.20.470363d8 CVEs
v2.1.21.97d7a898 CVEs
v2.1.22.191a69d8 CVEs
v2.1.23.04bbdc68 CVEs
v2.1.3.8c68d888 CVEs
v2.1.4.958d2cf8 CVEs
v2.1.5.23272da8 CVEs
v2.1.6.5679a828 CVEs
v2.1.7.242f8808 CVEs
v2.1.9.d43ddc98 CVEs
v2.2.0.9f6584b8 CVEs
v2.2.1.fb5f2e48 CVEs
v2.2.10.7cebd798 CVEs
v2.2.11.10265aa8 CVEs
v2.2.12.092e6f28 CVEs
v2.2.13.f5702048 CVEs
v2.2.14.57542ce8 CVEs
v2.2.15.31c46938 CVEs
v2.2.16.1c6acfd8 CVEs
v2.2.17.dbac2b18 CVEs
v2.2.18.e9bde808 CVEs
v2.2.19.8f6a2838 CVEs
v2.2.2.f35c7be8 CVEs
v2.2.20.af5ac328 CVEs
v2.2.21.7f7c5cb8 CVEs
v2.2.22.404d0dd8 CVEs
v2.2.23.5672e688 CVEs
v2.2.24.e6a2c068 CVEs
v2.2.3.282cc0b8 CVEs
v2.2.4.3bcab0e8 CVEs
v2.2.5.82551288 CVEs
v2.2.6.b53cb388 CVEs
v2.2.7.e8970ad8 CVEs
v2.2.8.61f6fb28 CVEs
v2.2.9.47301a58 CVEs
v2.3.0.5f47ca18 CVEs
v2.3.1.4fa7f5a8 CVEs
v2.3.10.d19607b8 CVEs
v2.3.11.2740a568 CVEs
v2.3.12.24458a78 CVEs
v2.3.13.83f5ba08 CVEs
v2.3.14.64531fa8 CVEs
v2.3.15.deb7c278 CVEs
v2.3.2.63df9728 CVEs
v2.3.3.8187fa78 CVEs
v2.3.4.ea618088 CVEs
v2.3.5.2f9b68e8 CVEs
v2.3.6.7a3570a8 CVEs
v2.3.7.30fbcab8 CVEs
v2.3.8.d490a338 CVEs
v2.3.9.f06c56a8 CVEs
v2.4.0.46d7b828 CVEs
v2.5.3.a70d5ee8 CVEs
v2.5.4.8d288d58 CVEs
v2.5.5.e182ae78 CVEs
0.0.37 CVEs
0.1.107 CVEs
0.1.67 CVEs
0.1.77 CVEs
0.1.87 CVEs
0.1.97 CVEs
0.2.07 CVEs
0.2.37 CVEs
0.4.17 CVEs
0.4.27 CVEs
0.4.37 CVEs
0.6.07 CVEs
0.6.17 CVEs
0.6.27 CVEs
0.6.37 CVEs
0.6.47 CVEs
0.6.77 CVEs
0.6.87 CVEs
0.7.107 CVEs
0.7.117 CVEs
0.7.47 CVEs
0.7.57 CVEs
0.7.67 CVEs
0.7.6b7 CVEs
0.7.77 CVEs
0.7.87 CVEs
0.7.97 CVEs
0.8.1-fixed7 CVEs
0.9.17 CVEs
0.9.27 CVEs
0.9.37 CVEs
0.9.57 CVEs
0.9.67 CVEs
0.9.77 CVEs
1.0.07 CVEs
1.1.07 CVEs
1.1.17 CVEs
1.1.27 CVEs
1.1.207 CVEs
1.1.237 CVEs
1.1.37 CVEs
1.1.307 CVEs
1.1.317 CVEs
1.1.327 CVEs
1.1.337 CVEs
1.1.47 CVEs
1.1.427 CVEs
1.1.467 CVEs
1.1.477 CVEs
1.1.487 CVEs
1.1.57 CVEs
1.1.507 CVEs
1.1.67 CVEs
1.1.77 CVEs
1.1.87 CVEs
1.2.17 CVEs
1.2.107 CVEs
1.2.117 CVEs
1.2.47 CVEs
1.2.57 CVEs
1.2.67 CVEs
1.2.97 CVEs
v2.4.1.394e0e17 CVEs
v2.4.2.5b453037 CVEs
v2.4.3.efc27f27 CVEs
v2.5.0.33eb0737 CVEs
v2.5.0.9ac0e267 CVEs
v2.5.0.9e55e6b7 CVEs
v2.5.0.ab7de7f7 CVEs
v2.5.0.d6dac177 CVEs
v2.5.0.e4706197 CVEs
v2.5.10.0fc5c9b7 CVEs
v2.5.11.8e2a3e57 CVEs
v2.5.12.aa184e67 CVEs
v2.5.13.1a06f887 CVEs
v2.5.13.295278b7 CVEs
v2.5.14.f2ee0df7 CVEs
v2.5.15.79da2367 CVEs
v2.5.16.f81d3b07 CVEs
v2.5.17.b4b2fd67 CVEs
v2.5.18.89ebafc7 CVEs
v2.5.2.771cb527 CVEs
v2.5.6.d55c08d7 CVEs
v2.5.7.f77c87d7 CVEs
v2.5.8.6485f037 CVEs
v2.5.9.936260f7 CVEs
v2.5.19.d5cd6f86 CVEs
v2.5.19.f9876cf6 CVEs
v2.5.20.4c973516 CVEs
v2.5.21.447533a6 CVEs
v2.5.22.d1fa27d6 CVEs
v2.5.23.bf958ed6 CVEs
v2.6.0.f7afa9a6 CVEs
v2.6.1.7c3edde6 CVEs
v1.2.38.451b0855 CVEs
v1.2.42.2759c8d5 CVEs
v1.2.43.a405d815 CVEs
v1.2.46.dce2fe45 CVEs
v1.3.45.b0d05525 CVEs
v2.0.4.54176715 CVEs
v2.0.5.65e82095 CVEs
v2.1.8.ee971e35 CVEs
0.0.44 CVEs
0.0.54 CVEs
0.0.94 CVEs
0.1.04 CVEs
0.1.34 CVEs
0.1.54 CVEs
0.8.14 CVEs
0.8.24 CVEs
1.2.134 CVEs
1.2.164 CVEs
1.2.174 CVEs
1.2.204 CVEs
1.2.234 CVEs
1.2.254 CVEs
1.2.284 CVEs
v2.6.2.31c0e8f4 CVEs
v2.6.3.640e7313 CVEs
v2.6.3.d28af683 CVEs
v2.6.4.b89355f3 CVEs
v2.6.5.fc3d9f23 CVEs
v2.6.10.9ce44552 CVEs
v2.6.6.54c14232 CVEs
v2.6.7.2d6181f2 CVEs
v2.6.8.ef9d0d72 CVEs
v2.6.9.f223b8a2 CVEs
v2.6.11.60ec05e1 CVE
v2.6.12.9861e821 CVE
v2.6.13.0561f2c1 CVE
v2.7.0.195b7cc1 CVE
v2.7.0.705515a1 CVE
v2.7.1.f35ca811 CVE
v2.7.12.45f15b81 CVE
v2.7.13.597fa0b1 CVE
v2.7.2.f6d37821 CVE
v2.7.3.cf574c71 CVE
v2.7.4.c1f4f791 CVE
v2.7.5.ddd14991 CVE

Fixed in

31c0e8fa2ca0cce903e73749454324c672c18b4c2 CVEs
2.4.11 CVE
2.5.11 CVE
2.5.61 CVE
394e0e1b3e33cbf64d6518e4b7911a402eae52841 CVE
54c1423039bbb2b6fdecc807843eef8de47a6b411 CVE
60ec05e53693535aaf616162d4f970cfca6a5d581 CVE
d18f3f7a658817b35a3ab746d8522c11368907851 CVE
d55c08d5cdfd2b3e98b250abd156945fd5e3e8d31 CVE

Find a version

13 CVEs

Sort

In Meshtastic, an attacker can spoof licensed amateur flag for a node
CVE-2025-55292
Public exploit
Patch
CWE-348
High · CVSS 8.2
EPSS 0.0% (11th pct)2026-01-27
Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
CVE-2025-53627
Public exploit
Patch
CWE-1287
Medium · CVSS 5.3
EPSS 0.0% (7th pct)2025-12-29
Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
CVE-2025-55293
Public exploit
Patch
CWE-287
Critical · CVSS 9.4
EPSS 0.1% (26th pct)2025-08-18
Traceroute_APP responses are not rate-limited.
CVE-2024-47065
Public exploit
Patch
CWE-799
Low · CVSS 2.7
EPSS 0.1% (29th pct)2025-07-11
Meshtastic allows Command Injection in GitHub Action
CVE-2025-53637
Public exploit
Patch
CWE-78
Medium · CVSS 4.1
EPSS 0.2% (46th pct)2025-07-10
Meshtastic crashes via an unimplemented routing module reply
CVE-2025-24798
Public exploit
Patch
CWE-617
Medium · CVSS 4.3
EPSS 0.0% (16th pct)2025-07-10
Meshtastic Repeated Public and Private Keypairs
CVE-2025-52464
Patch
CWE-331
Critical · CVSS 9.5
EPSS 0.3% (51th pct)2025-06-19
Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
CVE-2025-24797
Patch
CWE-119
Critical · CVSS 9.4
EPSS 2.3% (85th pct)2025-04-14
Forged packets over MQTT can show up in direct messages in Meshtastic firmware
CVE-2025-21608
Patch
CWE-668
Medium · CVSS 5.3
EPSS 0.0% (12th pct)2025-02-18
Medium vulnerability · 2024-11-04
CVE-2024-51500
Public exploit
Patch
CWE-159
Medium · CVSS 5.3
EPSS 0.1% (26th pct)2024-11-04
Medium vulnerability · 2024-10-07
CVE-2024-47079
Patch
CWE-345
Medium · CVSS 6.4
EPSS 0.3% (55th pct)2024-10-07
High vulnerability · 2024-09-25
CVE-2024-47078
Patch
CWE-287
High · CVSS 8.1
EPSS 0.1% (17th pct)2024-09-25
High vulnerability · 2024-08-27
CVE-2024-45038
Patch
CWE-755
High · CVSS 7.5
EPSS 0.4% (59th pct)2024-08-27

Severity and exploitation

meshtastic firmware Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other meshtastic products

Frequently asked questions

How many CVEs does meshtastic firmware have?

How many meshtastic firmware CVEs are in CISA KEV?

Are there public exploits for meshtastic firmware vulnerabilities?

Which versions of meshtastic firmware are affected?

What are the most common weakness types in meshtastic firmware CVEs?

How many critical meshtastic firmware vulnerabilities are there?

What is the average severity of meshtastic firmware CVEs?

References

Track meshtastic firmware vulnerabilities