PT-2025-18671 · Gotenna · Gotenna Mesh

Published: 2025-05-01 · Updated: 2025-06-20 · CVE-2025-32884

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12

Description: A problem was discovered in goTenna Mesh devices where the GID, by default, is the user's phone number unless they opt out. Since a phone number can be associated with individuals, it is considered sensitive information. The application fails to encrypt the GID in messages, potentially exposing user information.

Recommendations: For goTenna Mesh version 5.5.3 and firmware 1.1.12, consider disabling the default setting that uses the user's phone number as the GID to minimize the risk of sensitive information exposure. Users should opt out of using their phone number as the GID. Additionally, users should avoid using the application until a fix is provided that encrypts the GID in messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Cleartext Transmission of Sensitive Information

Related Identifiers: CVE-2025-32884

Affected Products: Gotenna Mesh