Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism, that expose the system to replay and brute-force attacks and could even allow encrypted traffic to be decrypted.
Details of the vulnerabilities – dubbed 2TETRA:2BURST – were presented at the Black Hat USA security conference last week by Midnight Blue researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels.
TETRA is a European mobile radio standard that's widely used by law enforcement, military, transportation, utilities, and critical infrastructure operators. It was developed by the European Telecommunications Standards Institute (ETSI). It encompasses four encryption algorithms: TEA1, TEA2, TEA3, and TEA4.
The disclosure comes a little over two years after the Netherlands-based cybersecurity company discovered a set of security vulnerabilities in the TETRA standard, called TETRA:BURST, including what was described as an "intentional backdoor" that could be exploited to leak sensitive information.
The newly discovered issues relate to a case of packet injection in TETRA, as well as an insufficient fix for CVE-2022-24401, one of the five TETRA:BURST issues, that fails to prevent keystream recovery attacks. The identified issues are listed below -
- CVE-2025-52940 - TETRA end-to-end encrypted voice streams are vulnerable to replay attack. Furthermore, an attacker with no knowledge of the key may inject arbitrary voice streams, that are played back indistinguishably from authentic traffic by legitimate call recipients.
- CVE-2025-52941 - TETRA end-to-end encryption algorithm ID 135 refers to an intentionally weakened AES-128 implementation which has its effective traffic key entropy reduced from 128 to 56 bits, rendering it vulnerable to brute-force attacks.
- CVE-2025-52942 - End-to-end encrypted TETRA SDS messages feature no replay protection, allowing for arbitrary replay of messages towards either humans or machines.
- CVE-2025-52943 - TETRA networks that support multiple Air Interface Encryption algorithms are vulnerable to key recovery attacks since the SCK/CCK network key is identical for all supported algorithms. When TEA1 is supported, an easily recovered TEA1 key (CVE-2022-24402) can be used to decrypt or inject TEA2 or TEA3 traffic on the network.
- CVE-2025-52944 - The TETRA protocol lacks message authentication and therefore allows for the injection of arbitrary messages such as voice and data.
- ETSI's fix for CVE-2022-24401 is ineffective in the prevention of keystream recovery attacks (No CVE, assigned a placeholder identifier MBPH-2025-001)
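Three of the issues above (CVE-2025-52940, CVE-2025-52942 and CVE-2025-52944) come down to the same two missing properties: a receiver cannot tell a replayed frame from a fresh one, and cannot tell an injected frame from an authentic one. The following is an added illustration, not code from Midnight Blue, ETSI or any TETRA vendor, of the minimum a message layer needs to close both gaps: a per-channel monotonic counter bound to the payload by a keyed MAC, checked in that order. The frame layout, the demo key and the SDS-style payloads are constructed for the example and are not the TETRA wire format.

```python
import hmac
import hashlib
import struct

# Constructed framing for the example; this is NOT the TETRA SDS or E2EE voice
# wire format. Frame layout:
#   4-byte big-endian sequence counter || payload || 16-byte truncated HMAC-SHA256 tag
COUNTER_LEN = 4
TAG_LEN = 16
COUNTER_MAX = 2**32 - 1


def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender side: bind the counter and payload together under the shared key."""
    if not 0 <= counter <= COUNTER_MAX:
        raise ValueError("counter exhausted; rekey before reuse")
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then enforce a strictly increasing counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seen = -1  # highest counter accepted so far on this channel

    def accept(self, frame: bytes):
        """Return (True, payload) for a fresh, authentic frame, else (False, reason)."""
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return (False, "truncated")
        header = frame[:COUNTER_LEN]
        payload = frame[COUNTER_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison, done before touching the counter so that
        # unauthenticated frames can never advance the replay state.
        if not hmac.compare_digest(tag, expected):
            return (False, "bad tag")
        counter = struct.unpack(">I", header)[0]
        if counter <= self.highest_seen:
            return (False, "replay")
        self.highest_seen = counter
        return (True, payload)


def run_demo():
    """Exercise the cases a practitioner cares about and return the outcomes."""
    key = b"\x01" * 32  # constructed demo key; a real deployment provisions this per channel
    rx = Receiver(key)

    genuine = protect(key, 1, b"SDS: unit 12 proceed to checkpoint")
    first = rx.accept(genuine)        # fresh and authentic: accepted
    replayed = rx.accept(genuine)     # identical bytes seen again: rejected as replay

    tampered = bytearray(protect(key, 2, b"status OK"))
    tampered[COUNTER_LEN] ^= 0x01     # one payload bit changed: tag no longer matches
    tamper_result = rx.accept(bytes(tampered))

    # A well-formed frame built without the key carries a tag that cannot verify.
    forged = struct.pack(">I", 3) + b"injected" + b"\x00" * TAG_LEN
    forge_result = rx.accept(forged)

    return {"first": first, "replayed": replayed,
            "tampered": tamper_result, "forged": forge_result}


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:9s} -> {outcome}")
```

The strictly increasing counter is the simplest policy and is right for an in-order channel; where frames may arrive out of order (voice over a lossy radio link, for instance) the receiver would keep a sliding window of accepted counters instead, and the sender must rekey before the 32-bit counter wraps. The same construction applies per frame to a voice stream, which is why the text groups the voice and SDS replay findings together.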
Midnight Blue said the impact of 2TETRA:2BURST depends on the use cases and configuration of each particular TETRA network, and that networks that use TETRA in a data-carrying capacity are particularly susceptible to packet injection attacks, potentially allowing attackers to intercept radio communications and inject malicious data traffic.
"Voice replay or injection scenarios (CVE-2025-52940) can cause confusion among legitimate users, which can be used as an amplifying factor in a larger-scale attack," the company said. "TETRA E2EE users (also those not using Sepura Embedded E2EE) should in any case validate whether they may be using the weakened 56-bit variant (CVE-2025-52941)."
"Downlink traffic injection is typically feasible using plaintext traffic, as we found radios will accept and process unencrypted downlink traffic even on encrypted networks. For uplink traffic injection, the keystream needs to be recovered."
There is no evidence of these vulnerabilities being exploited in the wild. That said, there are no patches that address the shortcomings, with the exception of MBPH-2025-001, for which a fix is expected to be released.
Mitigations for other flaws are listed below -
- CVE-2025-52940, CVE-2025-52942 - Migrate to scrutinized, secure E2EE solution
- CVE-2025-52941 - Migrate to non-weakened E2EE variant
- CVE-2025-52943 - Disable TEA1 support and rotate all AIE keys
- CVE-2025-52944 - When using TETRA in a data carrying capacity: add TLS/VPN layer on top of TETRA
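The CVE-2025-52943 mitigation (disable TEA1, rotate all AIE keys) is a configuration property an operator can check rather than assume. As an added example, not a tool from Midnight Blue or any TETRA vendor, the audit below flags the three conditions the finding describes: a weak algorithm still enabled, one network key shared across several algorithms, and keys that have not been rotated. The configuration model, the 90-day rotation threshold and the HKDF-based key separation are assumptions made for the illustration; real TETRA key management does not provision SCK/CCK this way, and the derivation is included only to show the property a shared key lacks.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import date


@dataclass
class AieConfig:
    """Constructed model of a network's air-interface encryption (AIE) settings."""
    keys: dict    # algorithm name -> network key bytes (SCK/CCK) used with it
    issued: dict  # algorithm name -> date that key was last rotated


# Per the article, an easily recovered TEA1 key (CVE-2022-24402) can be used
# against TEA2/TEA3 traffic when the key is shared, so TEA1 is the weak link.
WEAK_ALGORITHMS = {"TEA1"}


def audit(cfg: AieConfig, today: date, max_key_age_days: int = 90) -> list:
    """Return a list of findings; an empty list means the configuration passes.

    max_key_age_days is an assumed rotation policy, not a TETRA requirement.
    """
    findings = []

    # 1. Weak algorithm still enabled.
    for alg in cfg.keys:
        if alg in WEAK_ALGORITHMS:
            findings.append(f"{alg} enabled: disable it")

    # 2. Identical key material in use for more than one algorithm.
    by_key = {}
    for alg, key in cfg.keys.items():
        by_key.setdefault(key, []).append(alg)
    for algs in by_key.values():
        if len(algs) > 1:
            findings.append("identical key shared by " + ", ".join(sorted(algs))
                            + ": rotate to distinct keys")

    # 3. Keys past their rotation deadline.
    for alg, when in cfg.issued.items():
        age = (today - when).days
        if age > max_key_age_days:
            findings.append(f"{alg} key is {age} days old: rotate")
    return findings


def derive_per_algorithm_keys(master: bytes, algorithms, key_len: int = 16) -> dict:
    """HKDF (RFC 5869, single expand block) with the algorithm name as context.

    Assumption for illustration only: TETRA does not derive SCK/CCK like this.
    The point is that each algorithm gets a distinct key and knowledge of one
    does not reveal another, unlike the shared-key design behind CVE-2025-52943.
    key_len is an arbitrary illustrative length, not the TETRA key size.
    """
    prk = hmac.new(b"aie-separation-salt", master, hashlib.sha256).digest()  # Extract
    derived = {}
    for alg in algorithms:
        info = b"TETRA-AIE-" + alg.encode()
        derived[alg] = hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:key_len]
    return derived


if __name__ == "__main__":
    # Constructed weak configuration: TEA1 on, one key everywhere, no rotation.
    shared = b"\x42" * 10
    weak = AieConfig({"TEA1": shared, "TEA2": shared, "TEA3": shared},
                     {a: date(2025, 1, 1) for a in ("TEA1", "TEA2", "TEA3")})
    for finding in audit(weak, date(2025, 8, 12)):
        print("FINDING:", finding)

    # After applying the listed mitigation: TEA1 removed, fresh distinct keys.
    fresh = derive_per_algorithm_keys(b"\x07" * 16, ["TEA2", "TEA3"])
    fixed = AieConfig(fresh, {a: date(2025, 8, 1) for a in fresh})
    print("fixed config findings:", audit(fixed, date(2025, 8, 12)))
```

The audit is deliberately independent of how the keys were produced: it only compares key bytes and dates, so it can be run against an export of whatever the network management system holds, and the shared-key check is what would have caught the CVE-2025-52943 condition before TEA1 was disabled.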
"If you operate or use a TETRA network, you are certainly affected by CVE-2025-52944, in which we demonstrate it's possible to inject malicious traffic into a TETRA network, even with authentication and/or encryption enabled," Midnight Blue said.
"Also, CVE-2022-24401 likely affects you, as it allows adversaries to collect keystream for either breach of confidentiality or integrity. If you operate a multi-cipher network, CVE-2025-52943 poses a critical security risk."
In a statement shared with WIRED, ETSI said the E2EE mechanism used in TETRA-based radios is not part of the ETSI standard, adding it was produced by The Critical Communications Association's (TCCA) security and fraud prevention group (SFPG). ETSI also noted that purchasers of TETRA-based radios are free to deploy other solutions for E2EE on their radios.
The findings also coincide with the discovery of three flaws in the Sepura SC20 series of mobile TETRA radios that allow attackers with physical access to the device to achieve unauthorized code execution -
- CVE-2025-52945 - Defective file management restrictions
- CVE-2025-8458 - Insufficient key entropy for SD card encryption
- Exfiltration of all TETRA and TETRA E2EE key materials with the exception of the device-specific key K (no CVE, assigned a placeholder identifier MBPH-2025-003)
Patches for CVE-2025-52945 and CVE-2025-8458 are expected to be made available in the third quarter of 2025; until then, users are advised to implement enhanced TETRA key management policies. MBPH-2025-003, on the other hand, cannot be remediated due to architectural limitations.
"The vulnerabilities enable an attacker to gain code execution on a Sepura Gen 3 device," the company said. "Attack scenarios featuring CVE-2025-8458 involve persistent code execution through access to a device's SD card. Abuse of CVE-2025-52945 is even more straightforward as it requires only brief access to the device's PEI connector."
"From the premise of code execution, multiple attack scenarios are viable, such as exfiltration of TETRA key materials (MBPH-2025-003) or the implantation of a persistent backdoor into the radio firmware. This leads to the loss of confidentiality and integrity of TETRA communications."