CVE-2025-29629

Sažetak

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

Reference

https://github.com/mselbrede/gardyn/blob/main/CVE-2025-29629.md
https://mygardyn.com/blog/security-update/
https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

CVSS

Base:	9.1
Impact:	5.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Zadnje važnije ažuriranje

25-02-2026 - 21:16

Objavljeno

25-07-2025 - 17:15