Authorization Bypass in Daikin Security Gateway
CVE-2025-10127

8.8HIGH

Key Information:

Vendor: Daikin
Status: Security Gateway
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-10127?

The Daikin Security Gateway is susceptible to an authorization bypass caused by a user-controlled key vulnerability. This security flaw enables unauthorized attackers to gain access to systems without needing valid credentials, thereby compromising system integrity and confidentiality. It is critical for users to apply security updates and follow best practices to protect against potential exploitation.

Affected Version(s)

Security Gateway App: 100, Frm: 214

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

https://www.daikin.eu/en_us/customers/support.html

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Sep 8, 2025

Credit

Gjoko Krstic