Sensitive Data Exposure in Ecovacs Home Mobile Applications for Android and iOS
CVE-2025-2394

4.7MEDIUM

Key Information:

Vendor: Ecovacs
Status: Ecovacs Mobile And Android Application
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-2394?

The Ecovacs Home mobile applications for Android and iOS, up to version 3.3.0, were found to contain hardcoded access keys and secrets for Alibaba Object Storage Service (OSS). This vulnerability could allow malicious actors to exploit these credentials, potentially leading to unauthorized access and the exposure of sensitive user data. Users are advised to update their applications promptly and review access controls related to their data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ecovacs Mobile and Android Application Android 3.3.0

References

https://www.themissinglink.com.au/security-advisories/cve...

https://www.ecovacs.com/global/userhelp/dsa20250507001

CVSS V4

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
May 23, 2025

JSON

Ecovacs