CVE-2025-10681

HIGH

Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

Title source: cna

Description

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.

Exploits (1)

nomisec WRITEUP 1 stars

by MichaelAdamGroberman · poc

https://github.com/MichaelAdamGroberman/CVE-2025-10681

View Code ZIP pw:eip

References (3)

https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

https://mygardyn.com/security/

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json

View Writeup ZIP pw:eip

Scores

CVSS v3 8.6

EPSS 0.0005

EPSS Percentile 16.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-798

Status published

Products (2)

Gardyn/Cloud API < 2.12.2026

Gardyn/Mobile Application < 2.11.0

Published Apr 03, 2026

Tracked Since Apr 04, 2026