CVE-2025-15474 MEDIUM

CVE-2025-15474: AuntyFey Smart Combination Lock BLE Connection Flood DoS

Vendor Auntyfey
Product AuntyFey Smart Combination Lock
Weakness CWE-770 · Uncontrolled resource consumption
Published January 7, 2026
Last update January 7, 2026

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device.

Key dates

02 Disclosure timeline

January 7, 2026 CVE published
January 7, 2026 Record updated