CVE-2025-2394

MEDIUM

Ecovacs Home <3.3.0 - Info Disclosure

Title source: llm

Description

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.

References (2)

[Various Sources] https://www.ecovacs.com/global/userhelp/dsa20250507001

[Various Sources] https://www.themissinglink.com.au/security-advisories/cve-2025-2394

Scores

CVSS v4 4.7

EPSS 0.0012

EPSS Percentile 31.1%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

Ecovacs/Ecovacs Mobile and Android Application 3.3.0

Published May 23, 2025

Tracked Since Feb 18, 2026