CVE-2025-2189
Last modified
CVE-2025-2189 is a medium-severity vulnerability rated 5.1/10 on the CVSS scale. This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
This vulnerability exists in the Tinxy smart devices due to storage of credentials in plaintext within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext credentials stored on the vulnerable device.
Metrics
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2025-2189?
How severe is CVE-2025-2189?
How do I fix CVE-2025-2189?
Are you affected by CVE-2025-2189?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST