CVE-2025-65822

EUVD-2025-202624

10.12.2025, 21:16

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be executed upon running. As a result, the victim will lose access to the functionality of their device and the attack may gain unauthorized access to the victim's Wi-Fi network by re-connecting to the SSID defined in the NVS partition of the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	6.8 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
meatmeet	meatmeet_pro_wifi_\&_bluetooth_meat_thermometer_firmware	1.0.34.4

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-jtag-enabled-md

https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/JTAG-Enabled.md