CVE-2025-24797

CRITICAL Year: 2025
CVSS v3 Score
9.4
Critical
Weakness Type
CWE-119
View all →

Vulnerability Description

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability fixed in 2.6.2.

Related Vulnerabilities

CVE-2021-40400

CRITICAL
CVSS:9.3(Critical)

An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit d7f42a9a). A s...

CWE-1192021

CVE-2015-7939

CRITICAL
CVSS:9.6(Critical)

Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename.

CWE-1192015

CVE-2016-0003

CRITICAL
CVSS:9.6(Critical)

Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."

CWE-1192016

CVE-2016-4734

CRITICAL
CVSS:9.6(Critical)

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differe...

CWE-1192016

CVE-2016-7277

CRITICAL
CVSS:9.6(Critical)

Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."

CWE-1192016

CVE-2017-11309

CRITICAL
CVSS:9.6(Critical)

Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.

CWE-1192017