Critical severity9.1NVD Advisory· Published Feb 25, 2026· Updated Apr 15, 2026

CVE-2025-1242

Description

The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.jsonnvd
mygardyn.com/security/nvd
www.cisa.gov/news-events/ics-advisories/icsa-26-055-03nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000