CVE-2025-29629 · CRITICAL 9.1 · EPSS p36.6%

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.46% probability of exploitation · percentile 36.6% · 2026-06-19T12:03:05Z
Published: 2025-07-25
Last modified: 2026-04-15

Underlying weaknesses · 3

CWE-1392, CWE-94, CWE-200

References

  1. https://github.com/mselbrede/gardyn/blob/main/CVE-2025-29629.md
  2. https://mygardyn.com/blog/security-update/
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Default Credentials (cwe-1392) | 0% | live |
| Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 0% | live |
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-29631
  2. CVE-2025-29628
  3. CVE-2025-1242
  4. CVE-2026-26366
  5. CVE-2026-24789
  6. CVE-2026-20998

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.