PT-2025-18668 · Gotenna · Gotenna
Published
2025-05-01
·
Updated
2025-06-20
·
CVE-2025-32881
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
goTenna v1 devices with app 5.5.3 and firmware 0.25.5
Description
An issue was discovered where the GID, which is the user's phone number by default unless they opt out, is not encrypted in messages. This is sensitive information as it can be tied back to individuals.
Recommendations
For goTenna v1 devices with app 5.5.3 and firmware 0.25.5, consider disabling the default use of the phone number as the GID to minimize the risk of sensitive information exposure. As a temporary workaround, users should opt out of using their phone number as the GID until a patch is available.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gotenna