CVE-2025-59450 — MEDIUM (4.3)

Vulnerability Description

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-312

References

https://bishopfox.com/blog/advisories
https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home
https://shop.yosmart.com/pages/product-support

FAQ

What is CVE-2025-59450?

CVE-2025-59450 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials.

How severe is CVE-2025-59450?

CVE-2025-59450 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59450?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.