Cybersecurity researchers have discovered new security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including a proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks and even allows encrypted traffic to be decrypted.
The vulnerabilities, collectively dubbed 2TETRA:2BURST, were presented last week at the Black Hat USA security conference by Midnight Blue researchers Carlo Meijer, Wouter Bokslag and Jos Wetzels.
TETRA is a European mobile radio standard widely used by law enforcement, the military, transportation, utilities, and critical infrastructure operators. Developed by the European Telecommunications Standards Institute (ETSI), it includes four encryption algorithms: TEA1, TEA2, TEA3 and TEA4.
The disclosure comes more than two years after the Dutch cybersecurity company discovered a set of security vulnerabilities in the TETRA standard, called TETRA:BURST, including what was described as an “intentional backdoor” that could be exploited to leak information.
The newly discovered problems relate to packet injection in TETRA and to an inadequate fix for one of the five TETRA:BURST flaws, CVE-2022-24401. The identified issues are listed below –
- CVE-2025-52940 – TETRA end-to-end encrypted voice streams are vulnerable to replay attacks. Additionally, an attacker without key knowledge may inject arbitrary voice streams that are indistinguishable from genuine traffic to legitimate call recipients.
- CVE-2025-52941 – TETRA end-to-end encryption algorithm ID 135 is a deliberately weakened AES-128 implementation whose effective traffic key entropy is reduced from 128 bits to 56 bits, making it vulnerable to brute-force attacks.
- CVE-2025-52942 – End-to-end encrypted TETRA SDS messages have no replay protection, allowing arbitrary message replay to human or machine recipients.
- CVE-2025-52943 – TETRA networks that support multiple air interface encryption algorithms are vulnerable to key recovery attacks, as the SCK/CCK network keys are the same for all supported algorithms. Once TEA1 is supported, TEA2 or TEA3 traffic on the network can be decrypted or injected using the easily recovered TEA1 key (CVE-2022-24402).
- CVE-2025-52944 – The TETRA protocol lacks message authentication, so arbitrary messages, whether voice or data, can be injected.
- ETSI’s fix for CVE-2022-24401 is ineffective at preventing keystream recovery attacks (no CVE; assigned placeholder identifier MBPH-2025-001).
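The two replay items above (CVE-2025-52940 and CVE-2025-52942) come down to the absence of replay protection on the E2EE layer. As an added illustration, which is not code from the article, from Midnight Blue, or from the TETRA/TCCA specification, the following Python sketch shows what a receiver-side anti-replay check looks like: a per-sender counter bound to the message by an integrity tag, and a sliding window of recently accepted counters (the same scheme IPsec ESP uses in RFC 4303). The message layout, the key and the SDS text are constructed for the demo and do not reflect TETRA's real framing.

```python
"""Anti-replay sliding window (illustrative; not TETRA's actual message format).

Each protected message carries a per-sender counter that is covered by the
message's integrity tag, so it cannot be rewritten without the key. The
receiver remembers the highest counter accepted and a bitmap of recently
accepted counters, and rejects anything already seen or too old to track.
"""
from dataclasses import dataclass
import hashlib
import hmac

WINDOW = 64  # how many recent counters the receiver remembers

# Constructed demo key; a real system would use a provisioned E2EE key.
KEY = b"constructed-demo-key-not-a-real-tetra-key"
TAG_LEN = 16


@dataclass
class ReplayWindow:
    highest: int = -1  # largest counter accepted so far
    bitmap: int = 0    # bit i set => counter (highest - i) has been accepted

    def check_and_update(self, counter: int) -> bool:
        """Return True and record the counter if it is fresh, otherwise False."""
        if counter > self.highest:
            # Slide the window forward and mark the new highest as seen.
            shift = counter - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = counter
            return True
        offset = self.highest - counter
        if offset >= WINDOW:
            return False  # older than the window: cannot tell it from a replay
        if (self.bitmap >> offset) & 1:
            return False  # already accepted once: replay
        self.bitmap |= 1 << offset  # late but fresh (reordered) message
        return True


def protect(counter: int, payload: bytes) -> bytes:
    """Constructed format: 4-byte counter || payload || 16-byte HMAC tag."""
    header = counter.to_bytes(4, "big") + payload
    tag = hmac.new(KEY, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


def receive(win: ReplayWindow, msg: bytes) -> tuple[bool, str]:
    """Verify the tag first, then the counter; return (accepted, text-or-reason)."""
    header, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    expected = hmac.new(KEY, header, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag"
    counter = int.from_bytes(header[:4], "big")
    if not win.check_and_update(counter):
        return False, "replay"
    return True, header[4:].decode()


def demo() -> list[str]:
    """Deliver three messages, replay two of them, then try a rewritten counter."""
    win = ReplayWindow()
    msgs = [protect(i, f"SDS text {i}".encode()) for i in range(3)]
    results = [receive(win, m)[1] for m in msgs]
    results.append(receive(win, msgs[0])[1])  # replayed message 0 -> "replay"
    results.append(receive(win, msgs[1])[1])  # replayed message 1 -> "replay"
    # Rewriting the counter without the key breaks the tag, so it never
    # reaches the replay check.
    tampered = (7).to_bytes(4, "big") + msgs[1][4:]
    results.append(receive(win, tampered)[1])  # -> "bad tag"
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks matters: the tag is verified before the window is updated, so an unauthenticated message can never advance the window and lock out genuine traffic. The window also tolerates reordering within 64 counters, which is the usual trade-off against simply requiring strictly increasing counters.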
Midnight Blue states that the impact of 2TETRA:2BURST depends on the use case and configuration of a particular TETRA network, and that networks using TETRA for its data-carrying capacity are particularly susceptible to packet injection attacks, which allow attackers to intercept radio communications and inject malicious data traffic.
“A voice replay or injection scenario (CVE-2025-52940) can cause confusion among legitimate users. This can be used as amplification for large-scale attacks,” the company says. “TETRA E2EE users (and even those who do not use the Sepura embedded E2EE) should verify whether they are using the weakened 56-bit variant (CVE-2025-52941).”
“Downlink traffic injection is usually possible using plaintext traffic, as we found that radios accept and handle unencrypted downlink traffic even in encrypted networks. For uplink traffic injection, the keystream needs to be recovered.”
https://www.youtube.com/watch?v=etmn23izabw
There is no evidence that these vulnerabilities are being exploited in the wild. That said, with the exception of MBPH-2025-001, there are no patches that address the flaws.
Mitigations for the other flaws are listed below –
- CVE-2025-52940, CVE-2025-52942 – Migrate to a scrutinized, secure E2EE solution
- CVE-2025-52941 – Move to the non-weakened E2EE variant
- CVE-2025-52943 – Disable TEA1 support and rotate all AIE keys
- CVE-2025-52944 – When using TETRA for its data-carrying capacity, add a TLS/VPN layer on top of TETRA
“If you operate or use a TETRA network, you can be sure that you are affected by CVE-2025-52944. This shows that malicious traffic can be injected into the TETRA network even with authentication and/or encryption enabled.”
“CVE-2022-24401 will also likely affect you, as it allows adversaries to collect keystreams to violate confidentiality or integrity. If you operate a multi-cipher network, CVE-2025-52943 poses a serious security risk.”
In a statement shared with Wired, ETSI said the E2EE mechanism used in TETRA-based radios is not part of the ETSI standard, adding that it was produced by The Critical Communications Association (TCCA) Security and Fraud Prevention Group (SFPG). ETSI also noted that buyers of TETRA-based radios are free to deploy other E2EE solutions over the radio.
The findings also coincide with the discovery of three flaws in Sepura mobile TETRA radios that allow attackers with physical access to the device to achieve arbitrary code execution –
- CVE-2025-52945 – Broken file management restrictions
- CVE-2025-8458 – Insufficient key entropy for SD card encryption
- Extraction of all TETRA and TETRA E2EE key material except for the device-specific key K (no CVE; assigned placeholder identifier MBPH-2025-003)
Patches for CVE-2025-52945 and CVE-2025-8458 are expected to be available in the third quarter of 2025, and users are advised to implement an enhanced TETRA key management policy. MBPH-2025-003, on the other hand, cannot be fixed due to architectural constraints.
“The vulnerabilities allow attackers to obtain code execution on Sepura Gen 3 devices,” the company said. “Attack scenarios featuring CVE-2025-8458 involve persistent code execution through access to the device’s SD card. Exploitation of CVE-2025-52945 is even easier, as it only requires easy access to the device’s PEI connector.”
“From a code execution foothold, multiple attack scenarios can be carried out, including extraction of the TETRA key material (MBPH-2025-003) and embedding a persistent backdoor into the radio firmware. This results in a loss of confidentiality and integrity of TETRA communications.”