CNNVD-202511-2616 Information

CNNVD ID

CNNVD-202511-2616

CVE-2025-56400

  • CNNVD Published: 2025-11-24

Description

Tuya Android SDK and the other products listed here are products of Tuya, a Chinese company. Tuya Android SDK is a software development kit. Tuya iOS SDK is a software development kit. Tuya Smart App is a smart app. Multiple Tuya products contain a security vulnerability that stems from the OAuth implementation not validating the state parameter, which may lead to cross-site request forgery (CSRF) attacks. The following products are affected: Tuya Android SDK, Tuya iOS SDK, Tuya Smart and Tuya Smartlife.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Tuya

Published

2025-11-24

Last Modified

2026-02-24

References

  • http://tuya.com
  • https://src.tuya.com/announcement/30
  • https://access.redhat.com/security/cve/cve-2025-56400
