CVE-2025-29629
Published 2025-07-25
Priority: P358 | critical | 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.47% (37.1th percentile)
Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gardyn | home_kit_firmware | < master.619 | master.619 |
GHSA
GHSA-7422-rhq7-3wfj: An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component
ghsa_unreviewed·2025-07-25
CVE-2025-29629 [HIGH] CWE-1392 GHSA-7422-rhq7-3wfj: An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component
CISA ICS
Gardyn Home Kit
cisa_ics·2026-02-24·CVSS 9.1
[CRITICAL] Gardyn Home Kit
ICS Advisory
## Gardyn Home Kit
Release Date: February 24, 2026
Alert Code: ICSA-26-055-03
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
Successful exploitation of these vulnerabilities could allow unauthenticated users to access and control edge devices, access cloud-based devices and user information without authentication, and pivot to other edge devices managed in the Gardyn cloud environment.
The following versions of Gardyn Home Kit are affected:
- Home Kit Firmware
- Gardyn Home Kit Mobile Application <2.11.0 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)
- Gardyn Home Kit Cloud API <2.12.2026 (CVE-2025-29628, CVE-2025-29629, CVE-2025-29631, CVE-2025-1242)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-25