Critical severity9.8NVD Advisory· Published Jul 25, 2025· Updated Apr 15, 2026

CVE-2025-29631

Description

Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 allow command injection through vulnerable methods that do not sanitize input before passing content to the operating system for execution. The vulnerability may allow an attacker to execute arbitrary operating system commands on a target Home Kit.

Affected products

Mselbrede/Gardynreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mselbrede/gardyn/blob/main/CVE-2025-29628_CVE-2025-29631.mdnvd
mygardyn.com/blog/security-update/nvd
www.cisa.gov/news-events/ics-advisories/icsa-26-055-03nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000