Cyber Resilience

CVE-2025-32885

Medium

Published: 01 May 2025

Published
01 May 2025
Modified
20 June 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0021 42.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-32885 is a medium-severity Weak Authentication (CWE-1390) vulnerability in Gotenna Mesh Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Transmitted Data Manipulation (T1565.002); ranked at the 42.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This…

more

can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
Why these techniques?

Vulnerability enables injection of arbitrary custom messages with spoofed GID and Callsign into goTenna v1 networks via SDR, facilitating transmitted data manipulation and impersonation of network participants.

Affected Assets

gotenna
mesh firmware
0.25.5
gotenna
gotenna
5.5.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1390

Helps detect exploitation of weak authentication mechanisms by notifying of previous unauthorized logons.

addresses: CWE-1390

The IA policy requires strong authentication methods, reducing use of weak authentication.

addresses: CWE-1390

Enforces dynamic, context-aware authentication that mitigates weak static authentication by increasing requirements based on risk or conditions.

addresses: CWE-1390

Enforces authentication for users, reducing the viability of weak authentication mechanisms.

addresses: CWE-1390

Requires authentication mechanisms to meet applicable standards and guidelines, preventing weak authentication.

References