Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages
gbhackers
A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks.
The vulnerability tracked as, CVE-2025-52464, flaw stems from duplicated encryption keys and insufficient randomness during key generation.
The issue affects multiple hardware platforms and poses significant risks to users relying on Meshtastic for secure off-grid communication in scenarios like emergency response and remote expeditions.
Vulnerability Mechanics and Impact
The flaw originates from two critical failures:
- Key duplication: Hardware vendors shipped devices with identical public/private key pairs due to cloning during mass flashing procedures.
- Low-entropy keys: The cryptographic library failed to properly initialize randomness pools on some platforms, weakening key generation.
Attackers exploiting this vulnerability can:
- Decrypt direct messages sent between affected devices using compiled lists of compromised keys.
- Hijack remote administration features by impersonating authorized administrators.
- Gain unauthorized control over nodes ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE