CVE-2025-10681

Gardyn Mobile Application and Device Firmware Use Hard-coded Credentials

CVSS 8.8 HIGHEPSS 0.3%CWE-798

Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to production storage containers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

Gardyn · Cloud API Gardyn · Mobile Application

public PoCs found — 1

githubgithub.com/MichaelAdamGroberman/CVE-2025-10681★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json https://mygardyn.com/security/https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03