Medium severity4.9NVD Advisory· Published Oct 6, 2025· Updated Apr 15, 2026
CVE-2025-59449
CVE-2025-59449
Description
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacker can exploit this to gain full control over any other YoLink user's devices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <= 2025-10-02
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.