CVE-2025-32888

Name of the Vulnerable Software and Affected Versions goTenna Mesh versions 5.5.3 with firmware 1.1.12

Description A problem was discovered in goTenna Mesh devices where the verification token used for sending SMS through a goTenna server is hardcoded in the application. This issue affects devices with app version 5.5.3 and firmware version 1.1.12.

Recommendations For goTenna Mesh version 5.5.3 with firmware 1.1.12, consider restricting access to the hardcoded verification token until a patch is available. As a temporary workaround, avoid using the affected application for sending SMS through a goTenna server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.