{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-32886","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-05-01T19:26:19.888Z","dateReserved":"2025-04-11T00:00:00.000Z","datePublished":"2025-05-01T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-05-01T17:50:00.922Z"},"descriptions":[{"lang":"en","value":"An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://gotenna.com"},{"url":"https://github.com/Dollarhyde/goTenna_v1_and_Mesh_vulnerabilities"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AC:L/AV:L/A:N/C:L/I:N/PR:N/S:U/UI:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-923","lang":"en","description":"CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-01T19:26:14.759482Z","id":"CVE-2025-32886","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-01T19:26:19.888Z"}}]},"dataVersion":"5.1"}