PT-2025-10977 · Samsung · Samsung Smartthings Hub
Nini · Published 2025-03-11 · Updated 2025-08-08 · CVE-2025-2233
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Samsung SmartThings (affected versions not specified)
Description:
This issue allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings, with no authentication required for exploitation. The flaw exists within the Hub Local API service, which listens on TCP port 8766 by default, due to the lack of proper verification of a cryptographic signature. An attacker can leverage this to bypass authentication on the system.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Improper Verification of Cryptographic Signature
Related Identifiers:
CVE-2025-2233
Affected Products:
Samsung Smartthings Hub