CVE-2025-59448
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-59448
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker. NOTE: The vendor states that the vulnerability described (related to insecure transmission) only impacts the legacy mobile application logic, not the Hub hardware or firmware. The Hub functions solely as a pass-through (transparent gateway) for LoRa wireless data and does not inspect or process the application layer data.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
敏感数据的明文传输
Source: NVD (National Vulnerability Database)
Vulnerability Title
YoSmart YoLink Ecosystem 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
YoSmart YoLink Ecosystem是美国YoSmart公司的一套智能家居系统。 YoSmart YoLink Ecosystem存在安全漏洞,该漏洞源于使用未加密的MQTT进行通信,可能导致敏感信息泄露或设备控制。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| YoSmart | YoLink ecosystem | 0 ~ 2025-10-02 | - |
II. Public POCs for CVE-2025-59448
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-59448
请登录查看更多情报信息。
Same Patch Batch · YoSmart · 2025-10-06 · 6 CVEs total
| CVE-2025-59452 | 5.8 MEDIUM | YoSmart YoLink API 安全漏洞 |
| CVE-2025-59449 | 4.9 MEDIUM | YoSmart YoLink MQTT broker 安全漏洞 |
| CVE-2025-59450 | 4.3 MEDIUM | YoSmart YoLink Smart Hub 安全漏洞 |
| CVE-2025-59451 | 3.5 LOW | YoSmart YoLink Application 安全漏洞 |
| CVE-2025-59447 | 2.2 LOW | YoSmart YoLink Smart Hub 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-319
- CVE-2026-45180
Catalyst::Plugin::Statsd versions through 0.10.0 for Perl ma - CVE-2026-45179
Plack::Middleware::Statsd versions before 0.9.0 for Perl may - CVE-2025-59852
HCL DFXAnalytics is affected by an Insufficient Transport - CVE-2026-7610
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmissi - CVE-2026-42514
Sensitive Data Exposure Vulnerability in e-Sushrut HMIS
V. Comments for CVE-2025-59448
No comments yet