CVE-2025-15474

Vulnerability Description

AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device.

Related Weaknesses (CWE)

References

• https://github.com/nsm-barii/ble-smartlock-dos
• https://www.amazon.com/dp/B0F9L1M4XG
• https://www.vulncheck.com/advisories/auntyfey-smart-combination-lock-ble-connect

FAQ

What is CVE-2025-15474?

CVE-2025-15474 is a documented vulnerability. AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service ...

How severe is CVE-2025-15474?

CVSS scoring is not yet available for CVE-2025-15474. Check NVD for updates.

Is there a patch for CVE-2025-15474?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.