Hardcoded Token Vulnerability in goTenna Mesh Devices by goTenna
CVE-2025-32888

8.8HIGH

Key Information:

Vendor: goTenna
Status: goTenna Mesh
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32888?

A vulnerability exists in goTenna Mesh devices where the verification token for sending SMS messages through a goTenna server is hardcoded into the application. This flaw may allow unauthorized actors to exploit the hardcoded token, potentially compromising the integrity of SMS communications and exposing sensitive user information. Users should remain vigilant and update their devices to mitigate this risk.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025