CVE-2025-65821 — HIGH (7.5)

Vulnerability Description

As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Additionally, this allows the adversary to reflash the device with their own firmware which may contain malicious modifications.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Meatmeet	Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware	1.0.34.4
Meatmeet	Meatmeet Pro Wifi \& Bluetooth Meat Thermometer	-

Related Weaknesses (CWE)

CWE-1191

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-uartThird Party Advisory
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/UThird Party Advisory

FAQ

What is CVE-2025-65821?

CVE-2025-65821 is a vulnerability with a CVSS score of 7.5 (HIGH). As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the curren...

How severe is CVE-2025-65821?

CVE-2025-65821 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65821?

Check the references section above for vendor advisories and patch information. Affected products include: Meatmeet Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware, Meatmeet Meatmeet Pro Wifi \& Bluetooth Meat Thermometer.