CVE-2025-32889

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The verification token used for sending SMS through a goTenna server is hardcoded in the app...

CVE-2025-32881

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...

CVE-2025-32881

The CVE-2025-32881 entry concerns goTenna v1 devices with app 5.5.3 and firmware 0.25.5, where the GID default is the user’s phone number unless opted out. The issue is that the GID is not encrypted in messages, creating a potential privacy risk since a phone number can be linked to individuals. ...

PT-2025-18689 · Gotenna · Gotenna

Name of the Vulnerable Software and Affected Versions: goTenna v1 devices with app version 5.5.3 and firmware version 0.25.5 Description: An issue was discovered where the verification token used for sending SMS through a goTenna server is hardcoded in the app. This affects the ability to securel...

Information disclosure

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...