CVE-2025-1242 - Vulnerability Analysis
Critical
CVSS: 9.1
Last Updated: February 25, 2026
Gardyn IoT Hub - Authentication Bypass
Published: February 25, 2026
Updated: February 25, 2026
PoC Available
Remote Exploitable
Overview
Gardyn IoT Hub contains an information disclosure vulnerability: administrative credentials are exposed through API responses, the mobile app, and firmware reverse engineering, letting attackers gain full administrative access. Exploitation requires access to the application or device firmware.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can gain full administrative access, allowing malicious control over connected devices.
Mitigation
Update to the latest version or apply patches that address the credential exposure.
Details
- CVE ID: CVE-2025-1242
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_authentication
- Status: new
CWE
- CWE-798
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N