CVE-2025-53649 MEDIUM

Vendor: Switchbot
Product: SwitchBot App for iOS/Android
Weakness: CWE-532 · Sensitive info in logs
Published: July 29, 2025
Last update: July 29, 2025

CVSS base score

5.1/10
Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

The "SwitchBot" App for iOS/Android, versions V6.24 through V9.12, contains a vulnerability in which sensitive information is inserted into a log file. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.

Key dates

02 Disclosure timeline

July 29, 2025: CVE published
July 29, 2025: Record updated