CVE-2025-2394
4.7
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
Summary
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Ecovacs | Ecovacs Mobile and Android Application | 3.3.0 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.themissinglink.com.au/security-advisories/cve-2025-2394
- https://www.ecovacs.com/global/userhelp/dsa20250507001
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.