PT-2025-18670 · Gotenna · Gotenna Mesh

Published: 2025-05-01 · Updated: 2025-05-03 · CVE-2025-32883

CVSS v3.1: 6.5 (Medium)

Vector: AC:L/AV:A/A:N/C:H/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12

Description: An issue was discovered that allows the injection of custom messages into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.

Recommendations: For goTenna Mesh version 5.5.3 and firmware 1.1.12, consider disabling the use of software defined radio functionality until a patch is available to prevent custom message injection. Restrict access to unencrypted environments to minimize the risk of exploitation. Ensure cryptography is not compromised to prevent exploitation of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers: CVE-2025-32883

Affected Products: Gotenna Mesh