Vulnerability Description
Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
Related Weaknesses (CWE)
References
- https://www.ecovacs.com/global/userhelp/dsa20250507001
- https://www.themissinglink.com.au/security-advisories/cve-2025-2394
FAQ
What is CVE-2025-2394?
CVE-2025-2394 is a documented vulnerability. Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
How severe is CVE-2025-2394?
CVSS scoring is not yet available for CVE-2025-2394. Check NVD for updates.
Is there a patch for CVE-2025-2394?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.