PT-2025-40945 · Yosmart · Yolink Hub+2

Nicholas Cerne

Published

2025-10-06

Updated

2025-10-07

CVE-2025-59448

CVSS v3.1

4.7

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions YoSmart YoLink ecosystem through 2025-10-02 YoLink Hub 0382 YoLink Mobile Application version 1.40.41 YoLink MQTT Broker

Description Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an attacker monitoring network traffic to potentially obtain sensitive information or manipulate traffic to control devices. MQTT (Message Queuing Telemetry Transport) is a lightweight messaging protocol often used in IoT devices.

Recommendations Update YoLink Hub to a version after 2025-10-02. Update YoLink Mobile Application to a version after 2025-10-02. Update YoLink MQTT Broker to a version after 2025-10-02.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2025-59448

Affected Products

Yolink Hub

Yolink Mqtt Broker

Yolink Mobile Application

PT-2025-40945 · Yosmart · Yolink Hub+2

CVE-2025-59448

Weakness Enumeration

Related Identifiers

Affected Products

References · 7