Local Access Vulnerability in goTenna v1 Devices by goTenna
CVE-2025-32886

5.5MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32886?

A local access vulnerability exists in goTenna v1 devices that permits unauthorized users to intercept and access sensitive data. This issue arises from the fact that all packets transmitted over RF are also sent over UART with USB Shell. Consequently, an individual with physical access to the device can exploit this flaw to gain insights into the communication protocol and compromise the confidentiality of transmitted information. Proper security measures and access controls are essential to mitigate such risks.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025