A
n unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades, this results in Remote Code Execution (RCE) and the victim losing complete access to the Meatmeet.
References
| Link | Resource |
|---|---|
| https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-remote-code-execution-md | Third Party Advisory Exploit |
| https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/Remote-Code-Execution.md | Third Party Advisory Exploit |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Jan 2026, 19:06
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Meatmeet meatmeet Pro Wifi \& Bluetooth Meat Thermometer
Meatmeet Meatmeet meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware |
|
| References | () https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-remote-code-execution-md - Third Party Advisory, Exploit | |
| References | () https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/Remote-Code-Execution.md - Third Party Advisory, Exploit | |
| CPE | cpe:2.3:h:meatmeet:meatmeet_pro_wifi_\&_bluetooth_meat_thermometer:-:*:*:*:*:*:*:* cpe:2.3:o:meatmeet:meatmeet_pro_wifi_\&_bluetooth_meat_thermometer_firmware:1.0.34.4:*:*:*:*:*:*:* |
12 Dec 2025, 15:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-10 21:16
Updated : 2026-01-21 19:06
NVD link : CVE-2025-65824
Mitre link : CVE-2025-65824
CVE.ORG link : CVE-2025-65824
JSON object : View
Products Affected
CWE
CWE-306
Missing Authentication for Critical Function