CVE-2025-1242

Summary

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.

Affected Software

VendorProductVersion RangeStatus
GardynHome Kit0 < master.619affected
GardynHome Kit Mobile Application0 < 2.11.0affected
GardynHome Kit Cloud API0 < 2.12.2026affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References