CVE-2025-32884 – goTenna Mesh Phone Number Disclosure

May 1, 2025

CVE ID : CVE-2025-32884

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user’s phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32883 – goTenna Mesh RCE via Software Defined Radio

Next Article CVE-2025-32885 – “GoTenna v1 App Message Injection Vulnerability”

Highlights

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

May 5, 2025

CVE ID : CVE-2025-43845

Published : May 5, 2025, 6:15 p.m. | 36 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckpt_path2 variable takes user input (e.g. a path to a model) and passes it to change_info_ function, which opens and reads the file on the given path (except it changes the final on the path to train.log), and passes the contents of the file to eval, which can lead to remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-32884 – goTenna Mesh Phone Number Disclosure

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

AI-Driven Auto-Tagging of EC2 Instances Using Amazon SageMaker

How Tiny UX Changes Echo, State of CSS 2025 & Logos that Standout

Navigating the AI Revolution: The Importance of Adaptation

Google Unveils Gemini 2.5 Flash in Preview through the Gemini API via Google AI Studio and Vertex AI.

CVE-2025-43845 – VITS Voice Changing Framework Remote Code Injection Vulnerability

CVE-2025-41437 – Zohocorp ManageEngine OpManager Reflected Cross-Site Scripting Vulnerability

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

CVE-2025-32884 – goTenna Mesh Phone Number Disclosure

Related Posts