CVE-2025-2394

MEDIUM

Ecovacs Home <3.3.0 - Info Disclosure

Title source: llm

Description

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.

References (2)

Core 2

Core References

Various Sources

https://www.ecovacs.com/global/userhelp/dsa20250507001

Various Sources

https://www.themissinglink.com.au/security-advisories/cve-2025-2394

Scores

CVSS v4 4.7

EPSS 0.0018

EPSS Percentile 7.8%

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-798

Status published

Products (1)

Ecovacs/Ecovacs Mobile and Android Application 3.3.0

Published May 23, 2025

Tracked Since Feb 18, 2026