CVE-2025-32886

EPSS 0.07%
Veröffentlicht 01.05.2025 00:00:00
Zuletzt bearbeitet 20.06.2025 16:45:10
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gotenna ≫ Mesh Firmware Version0.25.5

Gotenna ≫ Mesh Version-

Gotenna ≫ Gotenna Version5.5.3 SwPlatform-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cve@mitre.org	4	2.5	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

https://gotenna.com

Product

https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-32886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32886

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32886