PT-2025-30890 · Gardyn 4 · Gardyn 4

Mselbrede · Published 2025-07-25 · Updated 2026-02-27 · CVE-2025-29631

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gardyn Home Kit firmware versions prior to master.619
Gardyn Home Kit Mobile Application versions prior to 2.11.0
Gardyn Home Kit Cloud API versions prior to 2.12.2026
Gardyn 4 (affected versions not specified)

Description

A flaw exists in Gardyn Home Kits that allows for command injection due to inadequate input sanitization before execution by the operating system. This may allow an attacker to execute arbitrary operating system commands on a target Home Kit. The vulnerability allows a remote attacker to execute arbitrary code.

Recommendations

Update Gardyn Home Kit firmware to version master.619 or later.
Update Gardyn Home Kit Mobile Application to version 2.11.0 or later.
Update Gardyn Home Kit Cloud API to version 2.12.2026 or later.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-29631

Affected Products

Gardyn 4