Unauthorized Password Reset Vulnerability in AC Smart II by LG Electronics
CVE-2025-10204

7.1HIGH

Key Information:

Vendor: Lg Electronics
Status: Ac Smart Ii
Vendor: CVE Published:; 14 September 2025

🔔 Create Lg Electronics Vulnerability Alert

What is CVE-2025-10204?

A significant vulnerability has been identified in AC Smart II, allowing unauthorized users to change administrator passwords. This flaw stems from a hidden form in the application that can be manipulated using browser developer tools. Attackers can exploit this weakness to gain administrative access without needing to authenticate or possess valid user permissions, posing severe risks to system integrity and security.

Affected Version(s)

AC Smart II 2.1.9

References

https://lgsecurity.lge.com/bulletins

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 14, 2025
Vulnerability Reserved
Sep 10, 2025