Hardcoded Verification Token in goTenna v1 Devices Causing Security Risk
CVE-2025-32889

8.8HIGH

Key Information:

Vendor: goTenna
Status: goTenna v1
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32889?

A security flaw has been identified in goTenna v1 devices, specifically in the app version 5.5.3 and firmware version 0.25.5, where the verification token for sending SMS through the goTenna server is hardcoded in the application. This exposes users to potential security threats, allowing attackers to exploit the hardcoded token to execute unauthorized actions. Such vulnerabilities can lead to unauthorized access to communications, making it essential for users to be aware of this issue and prompt the adoption of best practices for secure application usage.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025