CVE-2025-1242 · CRITICAL 9.1 · EPSS p34.9%

Description

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub, exposing connected devices to malicious control.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.44% probability of exploitation · percentile 34.9% · 2026-06-19T12:03:05Z
Published: 2026-02-25
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-798

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json
  2. https://mygardyn.com/security/
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

Type | Target | Confidence | Tier
Weakness | Use of Hard-coded Credentials cwe-798 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-29629
CVE: CVE-2025-29628
CVE: CVE-2025-29631
CVE: CVE-2025-41648
CVE: CVE-2025-41656
CVE: CVE-2025-41682

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.