Cybersecurity researchers have uncovered a fresh set of critical security vulnerabilities in the Terrestrial Trunked Radio (TETRA) communication standard, exposing sensitive communications used by law enforcement, military, and critical infrastructure organizations worldwide to potential interception and manipulation.
The 2TETRA:2BURST Vulnerabilities
The new flaws, collectively named 2TETRA:2BURST, specifically target TETRA’s proprietary end-to-end encryption (E2EE) implementation, which was previously recommended as a security enhancement after earlier flaws were discovered in 2023.
Key Vulnerabilities and CVE Numbers
The researchers identified five main vulnerabilities in the TETRA system:
- CVE-2025-52940: Allows replay attacks and injection of fake audio in E2EE voice streams that are indistinguishable from legitimate communications
- CVE-2025-52941: A deliberately weakened AES-128 variant that reduces key entropy from 128 bits to just 56 bits, making brute-force attacks feasible
- CVE-2025-52942: Lack of replay protection in encrypted Short Data Service (SDS) messages enables message duplication
- CVE-2025-52943: Use of identical network keys across multiple encryption algorithms allows a TEA1 key compromise to impact TEA2/TEA3 traffic
- CVE-2025-52944: Absence of message authentication allows injection of arbitrary voice or data messages
Additionally, a previously released fix for CVE-2022-24401 was found to be ineffective against keystream recovery attacks.
Background and Context
TETRA serves as the backbone of secure mobile radio communication in many countries. The system employs four main encryption algorithms—TEA1, TEA2, TEA3, and TEA4—designed for different security levels depending on the target customer and export regulations.
This disclosure comes approximately two years after the original TETRA:BURST vulnerabilities were revealed, which included what was described as an “intentional backdoor” in the TEA1 algorithm that reduced its 80-bit key to just 32 bits.
Impact and Risks
The vulnerabilities pose several serious risks:
- Communication Interception: The weakened encryption variant makes it possible for attackers to perform brute-force decryption of voice and data communications.
- Message Injection: Attackers can inject malicious traffic into secured networks, including fake voice messages and data packets that appear legitimate.
- Replay Attacks: The ability to replay legitimate messages can cause operational confusion during critical situations.
- Key Compromise: The use of identical network keys across multiple algorithms means that compromising one algorithm can affect traffic encrypted with others.
Affected Systems and Global Usage
While TETRA radios are not used by police and military forces in the United States, they are extensively deployed by law enforcement agencies globally, including in Belgium, Scandinavian nations, Eastern European countries, and Middle Eastern nations such as Iran, Iraq, Lebanon, and Syria. Military and intelligence services from Poland, Finland, Lebanon, and Saudi Arabia also utilize these systems.
TETRA radios have been part of radio systems since the 1990s.
Device-Level Vulnerabilities
Three additional vulnerabilities were discovered specifically affecting certain mobile TETRA radios:
- CVE-2025-52945: Weak file management restrictions
- CVE-2025-8458: Low entropy in SD card encryption keys
- MBPH-2025-003: Design flaw enabling exfiltration of TETRA and E2EE key material
These flaws could allow attackers with physical access to execute unauthorized code, steal encryption keys, or install persistent backdoors.
Mitigation Recommendations
Since comprehensive patches are not currently available for most vulnerabilities, several mitigation strategies are recommended:
- Migrate to secure E2EE implementations that have undergone thorough security review
- Avoid weakened encryption variants entirely
- Disable TEA1 support and rotate all network keys
- Add TLS or VPN layers when using TETRA for data transmission
- Implement continuous security audits for mission-critical communication systems
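The following is an added example, not code from the researchers or from any TETRA product. It sketches the two properties the advisory says are missing for data messages (replay protection, CVE-2025-52942, and message authentication, CVE-2025-52944) as an application-layer wrapper of the kind an overlay such as TLS or a VPN provides. The frame layout, key, sender ID and message text are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16   # bytes of HMAC-SHA256 kept as the tag (assumed layout)
HDR_LEN = 12   # sender id (4 bytes) + message counter (8 bytes)

def seal(key: bytes, sender_id: int, counter: int, payload: bytes) -> bytes:
    """Build header | payload | tag; the tag covers header and payload."""
    header = struct.pack(">IQ", sender_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Receiver:
    """Accepts a frame only if it is authentic and newer than the last one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}   # sender id -> highest counter accepted

    def open(self, frame: bytes):
        if len(frame) < HDR_LEN + TAG_LEN:
            return ("reject", "short frame")
        header, body, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        # Authenticate first, so unauthenticated input never touches state.
        if not hmac.compare_digest(tag, expected):
            return ("reject", "bad tag")
        sender_id, counter = struct.unpack(">IQ", header)
        # Strictly increasing counters: a duplicate or older frame is a replay.
        # (This also drops late out-of-order frames; a sliding window would not.)
        if counter <= self.last_counter.get(sender_id, -1):
            return ("reject", "replay")
        self.last_counter[sender_id] = counter
        return ("accept", body)

def demo():
    key = bytes(range(32))   # constructed key; must be independent of TETRA keys
    rx = Receiver(key)
    first = seal(key, 1001, 1, b"UNIT 7 HOLD POSITION")   # constructed message
    altered = first[:HDR_LEN] + b"UNIT 7 MOVE POSITION" + first[-TAG_LEN:]
    return [
        rx.open(first),                                   # fresh and authentic
        rx.open(first),                                   # same frame again
        rx.open(altered),                                 # payload changed in transit
        rx.open(seal(b"\x00" * 32, 1001, 2, b"X")),       # sender lacks the key
        rx.open(seal(key, 1001, 2, b"ACK")),              # next legitimate frame
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The wrapper only authenticates and orders messages; confidentiality still has to come from the overlay's own encryption, and the counter state must survive a receiver restart for the replay check to hold.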
Industry Response and Transparency Concerns
The research highlights concerning transparency issues within the TETRA ecosystem. While some manufacturers include security information in their brochures, others only address vulnerabilities in internal communications, and some don’t mention them at all. This lack of transparency makes it difficult for users to understand the security risks associated with their communication systems.