Sensitive Information Exposure in Tinxy WiFi Lock Controller by Tinxy
CVE-2025-44614

7.5HIGH

Key Information:

Vendor: Tinxy
Status: WiFi Lock Controller v1 RF
Vendor: CVE Published:; 30 May 2025

What is CVE-2025-44614?

The Tinxy WiFi Lock Controller v1 RF has been found to store critical user information, including credentials and mobile phone numbers, in plaintext format. This lack of proper encryption measures poses significant risks to user privacy and security, as unauthorized individuals could potentially access sensitive data. Users are advised to take precautionary steps and review their security practices regarding the affected product.

References

https://github.com/ShravanSinghRathore/Tinxy/wiki/1.-WiFi...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
Apr 22, 2025