CVE-2025-29629

high

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 use weak default credentials for secure shell access. This may result in attackers gaining access to exposed Gardyn Home Kits.

References

References
More

https://www.securityweek.com/critical-flaws-exposed-gardyn-smart-gardens-to-remote-hacking/

https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03

https://mygardyn.com/blog/security-update/

https://github.com/mselbrede/gardyn/blob/main/CVE-2025-29629.md

Details

Source: Mitre, NVD

Published: 2025-07-25

Updated: 2026-02-25

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00153