Data Exposure Vulnerability in goTenna Devices
CVE-2025-32881

4.3MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32881?

A data exposure issue has been identified in goTenna v1 devices, where the Group ID (GID) defaults to the user's phone number unless the user opts out. This raises significant privacy concerns, as phone numbers are sensitive information that can easily identify individuals. Additionally, the application does not encrypt the GID in messages, further compromising user privacy and security. Organizations using these devices should take immediate action to mitigate potential risks.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025