Sensitive Information Exposure in SwitchBot App for iOS and Android
CVE-2025-53649

5.9 MEDIUM

Key Information:

Vendor: Switchbot
CVE Published: 29 July 2025

What is CVE-2025-53649?

The SwitchBot App for iOS and Android contains a vulnerability that allows sensitive user information to be inserted into application log files. This issue affects versions V6.24 through V9.12. If exploited, an attacker with access to these logs may gain unauthorized visibility into sensitive data stored within, leading to potential data breaches and privacy concerns for users.

Affected Version(s)

SwitchBot App for iOS/Android V6.24 through V9.12

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

CVSS V3.0

Score: 5.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
