← back
CVE-2025-53649

CVE-2025-53649

CVSS 5.9 MEDIUMEPSS 0.1%CWE-532
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
29 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
SwitchBot · SwitchBot App for iOS/Android

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN59585716/https://www.switchbot.jp/pages/switchbot-app-vulnerability-fix202507