CVE-2025-29659CRITICAL 9.8EPSS p65.6%

CVE-2025-29659CVE-2025-29659

Description

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS1.26% probability of exploitation · percentile 65.6% · 2026-06-18T12:00:27Z
Published2025-04-21
Last modified2025-06-23

Underlying weaknesses· 1

CWE-285

References

  1. https://github.com/Yasha-ops/RCE-YiIOT
  2. https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29659
  3. https://github.com/Yasha-ops/vulnerability-research/tree/master/CVE-2025-29659

1

TypeTargetConfidenceTier
WeaknessImproper Authorizationcwe-2850%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-29660
CVE
CVE-2025-56099
CVE
CVE-2025-56098
CVE
CVE-2025-56113
CVE
CVE-2025-8693
CVE
CVE-2025-56118
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.