CVE-2025-29629

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Gardyn Home Kit firmware versions prior to master.619 Gardyn Home Kit Mobile Application versions prior to 2.11.0 Gardyn Home Kit Cloud API versions prior to 2.12.2026 Gardyn versions prior to 4

Description The Gardyn Home Kit firmware, Mobile Application, and Cloud API use weak default credentials for secure shell access. This could allow attackers to gain access to exposed Gardyn Home Kits. An issue in Gardyn allows a remote attacker to obtain sensitive information and execute arbitrary code through the Gardyn Home component.

Recommendations Update Gardyn Home Kit firmware to version master.619 or later. Update Gardyn Home Kit Mobile Application to version 2.11.0 or later. Update Gardyn Home Kit Cloud API to version 2.12.2026 or later. Update Gardyn to version 4 or later.

Exploit

Fix

RCE

Information Disclosure

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-94CWE-1392

Related Identifiers

CVE-2025-29629

Affected Products

Gardyn 4

CVE-2025-29629

Weakness Enumeration

Related Identifiers

Affected Products

References · 9