CVE-2025-32885

CVSS 6.5 MEDIUMEPSS 0.2%CWE-1390

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 May 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.

CVSS:3.1/AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities https://gotenna.com