Hardcoded Token Vulnerability in goTenna Mesh Devices by goTenna
CVE-2025-32888

7.3HIGH

Key Information:

Vendor: goTenna
Status: goTenna Mesh
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32888?

A vulnerability exists in goTenna Mesh devices where the verification token for sending SMS messages through a goTenna server is hardcoded into the application. This flaw may allow unauthorized actors to exploit the hardcoded token, potentially compromising the integrity of SMS communications and exposing sensitive user information. Users should remain vigilant and update their devices to mitigate this risk.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025