IM
IronMonkey Threat Research

CVE-2025-29631 CRITICAL

Published: 2025-07-25 | Last Modified: 2026-04-15 | Status: Deferred

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.

Additional Descriptions (1)

Un problema en Gardyn 4 permite que un atacante remoto ejecute código arbitrario

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-94
Notification
Message here