Home / Vulnerability Intelligence / CVE-2025-10681

CVE-2025-10681 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: April 3, 2026

Mobile App & Device Firmware - Hardcoded Credentials

Published: April 3, 2026Updated: April 3, 2026PoC AvailableRemote Exploitable

Overview

A mobile app and device firmware contain hardcoded storage credentials that do not limit end user permissions or expire timely, letting attackers gain unauthorized access to production storage containers, exploit requires no special conditions.

Severity & Score

Severity: High

CVSS Score: 8.6

EPSS Score: 3.9%(Probability of exploitation in next 30 days)

Impact

Attackers can gain unauthorized access to production storage containers, potentially leading to data exposure or manipulation.

Mitigation

Remove hardcoded credentials and implement secure, expiring credential management.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 4, 2026

🟠 CVE-2025-10681 - High (8.6) Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulnerability may grant unauthorized access to produ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-10681/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

GitHub Repositories(2 repos)

Related Resources

Details

CVE ID: CVE-2025-10681
Severity: High
CVSS Score: 8.6
Type: hardcoded_credentials
Status: new
EPSS: 3.9%
Social Posts: 1

CWE

CWE-798

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

EPSS Score

3.9%Probability of exploitation in the next 30 days