ICSA-26-013-03 · Published 2026-01-13
YoSmart YoLink Smart Hub
CVSS 5.8 (MEDIUM)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to remotely control other users' smart home devices, intercept sensitive data, and hijack sessions.
Remediations
YoSmart recommends that users take the following actions to mitigate these vulnerabilities:
- CVE-2025-59449 & CVE-2025-59451 - YoSmart's engineering team resolved these vulnerabilities on the server backend. No user actions are required.
- For more information, visit the YoSmart Security Advisory.
- CVE-2025-59452 - YoSmart released update 0383 to support a new, dynamic authentication algorithm. This will be released as an automatic over-the-air update and no user action is required.
- CVE-2025-59448 - YoSmart recommends that users update to version 1.40.45 or later to mitigate this vulnerability.
Affected Vendors
YoSmart
Affected Products (3)
YoSmart · YoSmart server · vers:all/*
YoSmart · YoLink Smart Hub · 0382
YoSmart · YoLink Mobile Application · <v1.40.45
Affected Sectors
Communications