High severity7.3NVD Advisory· Published Aug 8, 2025· Updated Apr 15, 2026

CVE-2025-8393

Description

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.dreametech.com/hc/en-usnvd
www.cisa.gov/news-events/ics-advisories/icsa-25-219-06nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000