Message Integrity Vulnerability in goTenna Mesh Devices
CVE-2025-32890

6.5MEDIUM

Key Information:

Vendor: goTenna
Status: goTenna Mesh
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-32890?

An encryption vulnerability has been identified in goTenna Mesh devices that utilize a custom encryption implementation. Without adequate integrity checking mechanisms, attackers are able to manipulate messages within the system, potentially compromising the confidentiality and integrity of communications. This issue emphasizes the need for robust security standards in encryption practices.

References

https://gotenna.com

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnera...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Apr 11, 2025