Recent vulnerabilities in TETRA radio encryption have revealed potential risks to law enforcement communication security.

Cybersecurity researchers have identified a new set of vulnerabilities in the Terrestrial Trunked Radio (TETRA) communications protocol, particularly within its proprietary end-to-end encryption (E2EE) mechanism. These vulnerabilities, collectively referred to as 2TETRA:2BURST, were presented by Midnight Blue researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels at the Black Hat USA security conference. TETRA, a European mobile radio standard, is extensively utilised by law enforcement, military, transportation, utilities, and critical infrastructure operators. Developed by the European Telecommunications Standards Institute (ETSI), TETRA employs four encryption algorithms: TEA1, TEA2, TEA3, and TEA4. This disclosure follows the discovery of previous vulnerabilities in TETRA, known as TETRA:BURST, which included an “intentional backdoor” that could be exploited to leak sensitive information.

The newly discovered vulnerabilities include issues related to packet injection and an inadequate fix for CVE-2022-24401, which failed to prevent keystream recovery attacks. Specific vulnerabilities include CVE-2025-52940, which exposes TETRA end-to-end encrypted voice streams to replay attacks, allowing attackers to inject arbitrary voice streams indistinguishable from authentic traffic. CVE-2025-52941 highlights a weakened AES-128 implementation, reducing effective key entropy from 128 to 56 bits, making it susceptible to brute-force attacks. Other vulnerabilities, such as CVE-2025-52942 and CVE-2025-52944, reveal a lack of replay protection and message authentication, respectively. Midnight Blue noted that the impact of 2TETRA:2BURST varies based on the specific use cases and configurations of TETRA networks, particularly those that carry data, which are especially vulnerable to packet injection attacks that could compromise radio communications.