Message Injection Vulnerability in goTenna v1 Devices by goTenna
CVE-2025-32885

6.5MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32885?

A vulnerability has been identified in goTenna v1 devices, enabling the injection of arbitrary messages into existing v1 networks through the app version 5.5.3 and firmware version 0.25.5. This issue arises from the ability to manipulate Custom Identifiers (GIDs) and Callsigns using a software-defined radio. Exploitation can occur in environments lacking encryption or where existing cryptographic protections have been breached. This poses a significant risk to the integrity and confidentiality of communications on goTenna's network.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025