EUVD-2025-13282

Malicious code in bioql PyPI...

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

CVE-2025-32887

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping...

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32886

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data...

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32887

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. A command channel includes the next hop. which can be intercepted and used to break frequency hopping...

CVE-2025-32885

Affected software/hardware: goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Vulnerability: The app enables injection of custom messages into existing v1 networks via a software‑defined radio, using any GID and Callsign. Root cause/condition: exploitation in unencrypted environments or when...

PT-2025-18686 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 with application 5.5.3 and firmware 0.25.5 Description: A problem was discovered where all packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and...

CVE-2025-32887

CVE-2025-32887 (goTenna V1) affects goTenna v1 devices using app 5.5.3 and firmware 0.25.5. The command channel includes the next hop, which can be intercepted and used to break frequency hopping. Impacts: availability is affected (high), integrity/confidentiality issues are noted as low in one m...

CVE-2025-32882

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

PT-2025-18669 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 with application 5.5.3 and firmware 0.25.5 Description: The issue concerns the use of a custom encryption implementation in the application without additional integrity checking mechanisms. This makes messages vulnerable to an...

PT-2025-18672 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 devices with app 5.5.3 and firmware 0.25.5 Description: A problem was detected in goTenna v1 devices that allows the injection of custom messages into existing networks with any GID and Callsign via a software-defined radio. This...

CVE-2025-32886

The CVE-2025-32886 issue affects goTenna v1 devices (app 5.5.3, firmware 0.25.5). The underlying problem is that packets sent over RF are also transmitted via UART through USB Shell, enabling a user with local access to learn the protocol and intercept sensitive data. The impact is information di...