CVE-2025-8393

Published: Aug 8, 2025

Modified: Aug 8, 2025

PUBLISHED

CVSS v3.1

7.3

HIGH

Description

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

Vendor	Product	Versions
Dreame Technology	Dreamehome iOS app	affected `0 - <= 2.3.4`
Dreame Technology	Dreamehome Android app	affected `0 - <= 2.1.8.8`
Dreame Technology	MOVAhome iOS app	affected `0 - <= 1.2.3`

Weaknesses (CWE)

CWE-295

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-06

https://support.dreametech.com/hc/en-us

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-8393

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References