CVE-2025-32885
First published: Thu May 01 2025(Updated: )
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| goTenna v1 devices | ||
| goTenna v1 devices |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-32885?
CVE-2025-32885 has been classified with a high severity due to the potential for unauthorized message injection.
How do I fix CVE-2025-32885?
To mitigate CVE-2025-32885, ensure that your devices use encrypted communications and update to the latest firmware provided by the manufacturer.
What devices are affected by CVE-2025-32885?
CVE-2025-32885 affects goTenna v1 devices running app version 5.5.3 and firmware version 0.25.5.
Can CVE-2025-32885 be exploited remotely?
Yes, CVE-2025-32885 can be exploited remotely if the device operates in an unencrypted environment.
What type of vulnerability is CVE-2025-32885?
CVE-2025-32885 is a message injection vulnerability that allows attackers to send custom messages within existing v1 networks.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- agent/severity
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/event
- vendor/gotenna
- canonical/gotenna v1 devices