CVE-2025-2394

Published: May 23, 2025

Modified: Sep 30, 2025

PUBLISHED

Description

Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.

Vendor	Product	Versions
Ecovacs	Ecovacs Mobile and Android Application	affected `3.3.0`

Weaknesses (CWE)

CWE-798

References

https://www.themissinglink.com.au/security-advisories/cve-2025-2394

https://www.ecovacs.com/global/userhelp/dsa20250507001

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2394

Description

Affected Products

Weaknesses (CWE)

References