CVE-2025-65828 – An unauthenticated attacker within Bluetooth ra... (How to Fix)

Q: What is the severity of CVE-2025-65828?

CVE-2025-65828 has a CVSS score of 6.5 (MEDIUM). An unauthenticated attacker within Bluetooth range can send BLE commands to Meatmeet devices, causing denial of service by shutting down, restarting, or clearing device configuration. This affects Meatmeet device users who would lose connectivity to cloud services until devices are reconfigured or restarted.

📋 TL;DR

An unauthenticated attacker within Bluetooth range can send BLE commands to Meatmeet devices, causing denial of service by shutting down, restarting, or clearing device configuration. This affects Meatmeet device users who would lose connectivity to cloud services until devices are reconfigured or restarted.

💻 Affected Systems

Products:

Meatmeet devices

Versions: All versions prior to patch

Operating Systems: Embedded device firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires physical proximity within Bluetooth range (typically ~10 meters).

📦 What is this software?

Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware by Meatmeet

View all CVEs affecting Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Mass device disruption across an area, requiring physical access to each device for reconfiguration, causing extended service outage.

🟠

Likely Case

Localized device disruption requiring user intervention to restart or reconfigure affected devices.

🟢

If Mitigated

Limited impact if Bluetooth range restrictions apply and devices are physically secured.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires BLE communication tools and proximity to target devices.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://meatmeet.com

Restart Required: No

Instructions:

Check vendor website for firmware updates and apply following manufacturer instructions.

🔧 Temporary Workarounds

Disable Bluetooth when not in use

all

Turn off Bluetooth functionality on Meatmeet devices when not actively pairing or communicating.

Physical isolation

all

Place devices in areas with limited physical access to reduce attacker proximity.

🧯 If You Can't Patch

Implement physical security controls to limit proximity access to devices
Monitor for unusual BLE activity and device disconnections

🔍 How to Verify

Check if Vulnerable:

Test if BLE commands can be sent to device without authentication using tools like gatttool or nRF Connect.

Check Version:

Check device firmware version through manufacturer app or interface.

Verify Fix Applied:

Attempt to send shutdown/restart/clear config commands via BLE and verify they are rejected.

📡 Detection & Monitoring

Log Indicators:

Unexpected device shutdowns
Configuration reset events
BLE connection attempts from unknown MAC addresses

Network Indicators:

Sudden loss of device connectivity
Multiple devices going offline simultaneously in same area

SIEM Query:

Device logs showing 'shutdown', 'restart', or 'config cleared' events from BLE sources

📊 Metadata

CVE ID: CVE-2025-65828

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-306

EPSS Score: 0.12% exploit probability (31.8th percentile)

Published: December 10, 2025

Last Updated: December 30, 2025

🔗 References

http://meatmeet.com Product
https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-denial-of-service-ble-md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65828, you might also want to check these: