Description

AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device.

PUBLISHED | Reserved 2026-01-07 | Published 2026-01-07 | Updated 2026-01-07 | Assigner VulnCheck

MEDIUM: 5.3 | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status: unaffected

Any version: affected

Credits

Jabari Lucien (nsm_barii), finder

References

github.com/nsm-barii/ble-smartlock-dos (technical-description, exploit)

www.amazon.com/dp/B0F9L1M4XG (product)

www.vulncheck.com/...mbination-lock-ble-connection-flood-dos (third-party-advisory)

cve.org (CVE-2025-15474)

nvd.nist.gov (CVE-2025-15474)
