CVE-2025-29629

CRITICAL

Gardyn 4 - RCE, Info Disclosure

Title source: llm

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

References (4)

Scores

CVSS v3 9.1
EPSS 0.0003
EPSS Percentile 7.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE
CWE-94 CWE-200 CWE-1392
Status draft

Timeline

Published Jul 25, 2025
Tracked Since Feb 18, 2026