CVE-2025-65824
CVE-2025-65824 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet. EPSS estimates a 0.49% chance of exploitation in the next 30 days.
Description
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Meatmeet | Meatmeet Pro Wifi & Bluetooth Meat Thermometer Firmware | 1.0.34.4 |
References
- https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-remote-code-execution-md (Exploit, Third Party Advisory)
- https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/Remote-Code-Execution.md (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
