Description

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be executed upon running. As a result, the victim will lose access to the functionality of their device and the attack may gain unauthorized access to the victim's Wi-Fi network by re-connecting to the SSID defined in the NVS partition of the device.

INFO

Published Date :

2025-12-10T00:00:00.000Z

Last Modified :

2025-12-11T20:35:56.750Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-65822 vulnerability.

Vendors Products
Espressif
  • Esp32
Meatmeet
  • Meatmeet Pro Wifi \& Bluetooth Meat Thermometer
  • Meatmeet Pro Wifi \& Bluetooth Meat Thermometer Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-65822.

URL Resource
https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-jtag-enabled-md cve-icon cve-icon
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Device/JTAG-Enabled.md cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact