CVE-2025-15474

MEDIUM

AuntyFey Smart Combination Lock - DoS

Title source: llm

Description

AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device.

Exploits (1)

nomisec WORKING POC 3 stars

by NSM-Barii · poc

https://github.com/NSM-Barii/CVE-2025-15474

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.amazon.com/dp/B0F9L1M4XG

[Various Sources] https://github.com/nsm-barii/ble-smartlock-dos

[Third Party Advisory] https://www.vulncheck.com/advisories/auntyfey-smart-combination-lock-ble-connection-flood-dos

Scores

CVSS v4 5.3

EPSS 0.0003

EPSS Percentile 9.2%

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Details

CWE

CWE-770

Status published

Products (1)

AuntyFey/AuntyFey Smart Combination Lock < 2025-12-24

Published Jan 07, 2026

Tracked Since Feb 18, 2026