Encryption Implementation Flaw in goTenna Devices by goTenna
CVE-2025-32882

5.3MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32882?

An encryption vulnerability has been identified in goTenna v1 devices, specifically in the mobile application version 5.5.3 and firmware version 0.25.5. The encryption mechanism employed is custom-built and lacks sufficient integrity verification, making it susceptible to attacks. Malicious actors can potentially manipulate messages, compromising their integrity and allowing unauthorized alterations. This critical oversight exposes communication through these devices to risks that necessitate immediate attention from users and administrators.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025