CVE-2025-65824
Published: 10 December 2025
Description
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet.
Mitigating Controls (NIST 800-53 r5)
Requires authorization, authentication, and encryption for wireless access, directly preventing unauthenticated BLE OTA firmware upgrades by proximity attackers.
Mandates integrity verification tools and techniques for firmware to block installation of unauthorized code and detect alterations post-upgrade.
Enforces use of signed firmware components with verification prior to installation, ensuring only authentic upgrades overwrite device firmware.
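The three controls above combined in one update path, as an added example (not code from the Meatmeet firmware or the researcher's disclosure): a device-side OTA receiver that refuses unauthenticated links, checks a vendor-authenticated manifest, and replaces firmware only when the staged image matches the manifest digest. The manifest layout, `OtaReceiver`, `link_authenticated` and the key are assumptions; HMAC-SHA256 stands in for an asymmetric signature so the block runs on the standard library alone, and the version check goes beyond what the page describes.

```python
import hashlib, hmac, struct
# Constructed demo key. HMAC is a stdlib stand-in: a real device should hold
# only a vendor public key and verify an asymmetric signature instead.
VENDOR_KEY = b"constructed-demo-key"
HEADER = struct.Struct(">4sI32s32s")  # magic, version, sha256(image), tag (assumed layout)

def _tag(key, magic, version, digest):
    return hmac.new(key, struct.pack(">4sI", magic, version) + digest, hashlib.sha256).digest()

def build_manifest(image, version, key=VENDOR_KEY):
    """Vendor side: bind the version and image digest under a keyed tag."""
    digest = hashlib.sha256(image).digest()
    return HEADER.pack(b"OTA1", version, digest, _tag(key, b"OTA1", version, digest))

class OtaReceiver:
    """Device side: stage the image, replace firmware only after every check passes."""
    def __init__(self, current_version):
        self.current_version = current_version
        self.active_image = b"factory"
        self.staged = None

    def begin(self, link_authenticated, manifest):
        # link_authenticated: assumed flag from the BLE stack after authenticated pairing
        self.staged = None
        if not link_authenticated:  # OTA is a critical function (CWE-306)
            return "rejected: unauthenticated link"
        if len(manifest) != HEADER.size:
            return "rejected: malformed manifest"
        magic, version, digest, tag = HEADER.unpack(manifest)
        if magic != b"OTA1" or not hmac.compare_digest(tag, _tag(VENDOR_KEY, magic, version, digest)):
            return "rejected: bad manifest tag"
        if version <= self.current_version:  # refuse downgrade to older firmware
            return "rejected: rollback"
        self.staged = (version, digest, bytearray())
        return "ok"

    def write_chunk(self, chunk):
        if self.staged is not None:  # chunks outside a verified transfer are dropped
            self.staged[2].extend(chunk)

    def commit(self):
        if self.staged is None:
            return "rejected: no verified transfer in progress"
        version, digest, buf = self.staged
        self.staged = None
        if not hmac.compare_digest(hashlib.sha256(buf).digest(), digest):
            return "rejected: image digest mismatch"
        self.active_image, self.current_version = bytes(buf), version
        return "installed"
```

The running image is only replaced in `commit()`, so a transfer that fails any check leaves the device on its existing firmware.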
Security Summary
CVE-2025-65824 affects the Meatmeet device, where an unauthenticated attacker within proximity can perform an unauthorized Over The Air (OTA) firmware upgrade via Bluetooth Low Energy (BLE). The device fails to perform any checks on incoming upgrades, allowing the firmware to be overwritten with attacker-supplied code. This vulnerability, linked to CWE-306 (Missing Authentication for Critical Function), has a CVSS v3.1 base score of 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-12-10.
An adjacent attacker requires only physical proximity to the Meatmeet device, with low attack complexity, no privileges, and no user interaction. Successful exploitation results in remote code execution (RCE), complete firmware replacement, and the victim losing all access to the device.
References point to GitHub disclosures by researcher dead1nfluence, including a gist and repository documentation detailing the remote code execution vulnerability in the Meatmeet Pro device. No official advisories or patches are specified in the available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables exploitation of the unauthenticated OTA remote service over BLE (T1210) leading to RCE and firmware overwrite, effectively granting privilege escalation from no privileges to full device control (T1068).