Critical TETRA Radio Encryption Flaws: A Major Risk to Law Enforcement Communications

Cybersecurity researchers have identified a new set of vulnerabilities within the Terrestrial Trunked Radio (TETRA) communications protocol, which is commonly used by law enforcement and military agencies. These vulnerabilities, named 2TETRA:2BURST, were unveiled at the Black Hat USA security conference by researchers from Midnight Blue.

TETRA, established by the European Telecommunications Standards Institute (ETSI), utilizes various encryption algorithms for secure communications. However, these newly discovered issues include flaws in the protocol's end-to-end encryption (E2EE) system, exposing it to replay and brute-force attacks, as well as allowing attackers to decrypt encrypted traffic.

This disclosure follows a revelation two years ago of TETRA vulnerabilities that included a deliberate backdoor for leaking sensitive information. The current set covers packet injection issues and ineffective fixes for existing issues, and it affects the security of encrypted voice transmissions and messages within TETRA systems.

Several vulnerabilities have been identified:

  1. CVE-2025-52940: Vulnerability to replay attacks on voice streams and potential for arbitrary stream injection.
  2. CVE-2025-52941: An intentionally weak AES-128 encryption implementation that reduces effective key entropy, making it vulnerable to brute-force attacks.
  3. CVE-2025-52942: Lack of replay protection for encrypted messages, allowing arbitrary message replay.
  4. CVE-2025-52943: Vulnerability to key recovery attacks due to identical network keys across multiple encryption algorithms.
  5. CVE-2025-52944: Absence of message authentication, permitting attackers to inject various unauthorized messages into the network.
  6. MBPH-2025-001 (placeholder identifier): An ineffective fix for past vulnerabilities impacting keystream recovery.

Midnight Blue notes that the operational impact of these vulnerabilities depends on the TETRA network’s configuration. Networks utilizing TETRA for data transport are particularly vulnerable to attacks, which can lead to the interception of communications and potential malicious data injection.

While there have been no reported real-world exploits of these vulnerabilities, existing patches are limited, and a fix for some specific shortcomings is anticipated. Recommended mitigations include transitioning to more secure encryption solutions, disabling vulnerable encryption algorithms, and adding layers of security such as TLS/VPN to enhance protection.

In a related note, ETSI clarified that the E2EE mechanism utilized in TETRA radios is separate from the established ETSI standard and that deployments can utilize alternative encryption solutions.

Midnight Blue’s findings also coincide with additional vulnerabilities discovered in the Sepura SC20 series of mobile TETRA radios, which could allow unauthorized code execution if physical access to the device is gained. Patches are expected for some of these flaws, reinforcing the need for improved key management practices for TETRA users.

