CVE-2025-2394

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.

CVSS

No CVSS.

References

Link	Resource
https://www.ecovacs.com/global/userhelp/dsa20250507001
https://www.themissinglink.com.au/security-advisories/cve-2025-2394

Configurations

No configuration.

History

No history.

Information

Published : 2025-05-23 01:15

Updated : 2025-09-30 11:37

NVD link : CVE-2025-2394

Mitre link : CVE-2025-2394

CVE.ORG link : CVE-2025-2394

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

{"id": "CVE-2025-2394", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.7, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-23T01:15:19.240", "references": [{"url": "https://www.ecovacs.com/global/userhelp/dsa20250507001", "source": "[email protected]"}, {"url": "https://www.themissinglink.com.au/security-advisories/cve-2025-2394", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure."}, {"lang": "es", "value": "Las aplicaciones m\u00f3viles Android e iOS de Ecovacs Home hasta la versi\u00f3n 3.3.0 conten\u00edan claves de acceso y secretos integrados para el Servicio de almacenamiento de objetos (OSS) de Alibaba, lo que provoc\u00f3 la divulgaci\u00f3n de datos confidenciales."}], "lastModified": "2025-09-30T11:37:39.357", "sourceIdentifier": "[email protected]"}

CVE-2025-2394

JSON object

Attach tags to CVE-2025-2394

Attach tags to `CVE-2025-2394`