CVE-2025-55292

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to impersonate legitimate nodes in Meshtastic mesh networks by forging NodeInfo packets that claim HAM mode is enabled. This downgrades security by forcing other nodes to use unencrypted HAM mode communication instead of proper public key cryptography. All Meshtastic users running vulnerable versions are affected.

💻 Affected Systems

Products:
  • Meshtastic firmware
Versions: All versions before 2.7.6.834c3c5
Operating Systems: All platforms running Meshtastic
Default Config Vulnerable: ⚠️ Yes
Notes: All Meshtastic deployments using the default configuration are vulnerable. HAM mode must be available in the network configuration for the attack to work.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of mesh network confidentiality and integrity, allowing attackers to intercept, modify, or block all communications while impersonating legitimate nodes.

🟠 Likely Case

Attackers intercept and manipulate communications between specific nodes, potentially accessing sensitive data transmitted over the mesh network.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though some data exposure may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access to the mesh but no authentication. The technique is well-documented in the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.6.834c3c5

Vendor Advisory: https://github.com/meshtastic/firmware/security/advisories/GHSA-45vg-3f35-7ch2

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Meshtastic repository.
2. Flash devices with version 2.7.6.834c3c5 or later.
3. Restart all nodes in the mesh network.

🔧 Temporary Workarounds

Disable HAM mode (platforms: all)

Remove HAM mode from the network configuration to prevent the downgrade attack:

meshtastic --set-ham-mode false

Network segmentation (platforms: all)

Isolate vulnerable Meshtastic networks from sensitive systems.

🧯 If You Can't Patch

  • Monitor network for unusual NodeInfo packets or HAM mode activation
  • Implement additional authentication layers for critical communications

🔍 How to Verify

Check if Vulnerable:

Check firmware version on all nodes. If version is earlier than 2.7.6.834c3c5, the system is vulnerable.

Check Version:

meshtastic --version

Verify Fix Applied:

Confirm all nodes are running version 2.7.6.834c3c5 or later and test that HAM mode cannot be forced by unauthorized nodes.

📡 Detection & Monitoring

Log Indicators:

  • Multiple NodeInfo updates from same MAC
  • Unexpected HAM mode activation
  • Node details changing without authorization

Network Indicators:

  • Unusual packet patterns with forged NodeInfo
  • Encrypted channels switching to unencrypted

SIEM Query:

source="meshtastic" AND (event="nodeinfo_update" AND ham_mode="true")
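The indicators above can be checked outside a SIEM as well. The following Python script is an added example, not code from this advisory or from the Meshtastic project: it runs the three NodeInfo indicators (unexpected HAM mode activation, node details changing between updates, a burst of NodeInfo updates from one node) over constructed log lines. The `ts node=... event=... key=value` line format, the node IDs and the key names are assumptions for the example; adapt `parse_line` to whatever your collector actually emits.

```python
"""Flag NodeInfo-based downgrade indicators over Meshtastic-style log lines.

Added example for the Detection & Monitoring section; the log format below
is a hypothetical one chosen for the example, not Meshtastic's own output.
"""
import re
from collections import defaultdict, deque

# Constructed sample log lines (hypothetical format: "<epoch> key=value ...").
# Node !a1b2c3d4 is first seen with HAM mode off and a public key, then
# suddenly claims HAM mode with no key and re-announces itself repeatedly.
SAMPLE_LOG = """\
1700000000 node=!a1b2c3d4 event=nodeinfo_update long_name=Base ham_mode=false pubkey=KEY1
1700000005 node=!e5f6a7b8 event=nodeinfo_update long_name=Relay ham_mode=false pubkey=KEY2
1700000100 node=!a1b2c3d4 event=nodeinfo_update long_name=Base ham_mode=true pubkey=
1700000102 node=!a1b2c3d4 event=nodeinfo_update long_name=Base ham_mode=true pubkey=
1700000104 node=!a1b2c3d4 event=nodeinfo_update long_name=Base ham_mode=true pubkey=
1700000200 node=!e5f6a7b8 event=nodeinfo_update long_name=Relay ham_mode=false pubkey=KEY9
"""

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": int(m.group("ts"))}
    for tok in m.group("kv").split():
        key, _, value = tok.partition("=")
        fields[key] = value
    return fields


def detect(lines, window_s=60, max_updates=2):
    """Return (indicator, node, ts) tuples for each suspicious NodeInfo update.

    window_s / max_updates bound how many NodeInfo updates one node may send
    within a sliding window before a burst is reported.
    """
    alerts = []
    last_state = {}                 # node id -> most recent NodeInfo fields
    recent = defaultdict(deque)     # node id -> timestamps inside the window
    for line in lines:
        ev = parse_line(line)
        if not ev or ev.get("event") != "nodeinfo_update":
            continue
        node, ts = ev["node"], ev["ts"]
        prev = last_state.get(node)
        # Indicator: HAM mode asserted by a node previously seen without it
        if prev is not None and prev.get("ham_mode") == "false" and ev.get("ham_mode") == "true":
            alerts.append(("ham_mode_activation", node, ts))
        # Indicator: identity material (public key) changed between updates
        if prev is not None and prev.get("pubkey") != ev.get("pubkey"):
            alerts.append(("node_details_changed", node, ts))
        # Indicator: burst of NodeInfo updates from the same node
        q = recent[node]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > max_updates:
            alerts.append(("nodeinfo_burst", node, ts))
        last_state[node] = ev
    return alerts


if __name__ == "__main__":
    for indicator, node, ts in detect(SAMPLE_LOG.splitlines()):
        print(f"{ts} {node} {indicator}")
```

On the sample above the script reports the HAM mode activation and key change for `!a1b2c3d4` at the first forged update, a burst once that node has sent three updates inside the 60 s window, and a key change for `!e5f6a7b8`. A legitimate node that was configured for HAM mode from the start never trips the activation indicator, so the key-change indicator is the one to keep an eye on for nodes you do not control.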
