CVE-2025-10681 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: April 3, 2026
Mobile App & Device Firmware - Hardcoded Credentials
Published: April 3, 2026 | Updated: April 3, 2026 | PoC Available | Remote Exploitable
Overview
A mobile app and device firmware contain hardcoded storage credentials that do not limit end-user permissions and do not expire in a timely manner, letting attackers gain unauthorized access to production storage containers. Exploitation requires no special conditions.
Severity & Score
Severity: High
CVSS Score: 8.6
Impact
Attackers can gain unauthorized access to production storage containers, potentially leading to data exposure or manipulation.
Mitigation
Remove hardcoded credentials and implement secure, expiring credential management.
Details
- CVE ID: CVE-2025-10681
- Severity: High
- CVSS Score: 8.6
- Type: hardcoded_credentials
- Status: new
CWE
- CWE-798
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L