CVE Vulnerabilities

CVE-2025-32890

Missing Support for Integrity Check

Published: May 01, 2025 | Modified: Jun 20, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.

Weakness

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Affected Software

Name Vendor Start Version End Version
Mesh_firmware Gotenna 1.1.12 (including) 1.1.12 (including)

Potential Mitigations

References