Vulnerabilities in Gardyn
10 resultsCVE-2025-29631CRITICALGardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow commandEPSS 1.9%CVE-2026-32646HIGHGardyn Cloud API Missing Authentication for Critical FunctionEPSS 0.5%CVE-2025-29629CRITICALGardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak defaEPSS 0.5%CVE-2025-1242CRITICALAdministrative Credentials Can Be Extracted Through Gardyn API ResponsesEPSS 0.4%CVE-2026-28766CRITICALGardyn Cloud API Missing Authentication for Critical FunctionEPSS 0.4%CVE-2026-28767MEDIUMGardyn Cloud API Missing Authentication for Critical FunctionEPSS 0.4%CVE-2026-32662MEDIUMGardyn Cloud API Active Debug CodeEPSS 0.3%CVE-2026-25197CRITICALGardyn Cloud API Authorization Bypass Through User-Controlled KeyEPSS 0.3%CVE-2025-10681HIGHGardyn Mobile Application and Device Firmware Use Hard-coded CredentialsEPSS 0.3%CVE-2025-29628CRITICALA Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home EPSS 0.3%