CVE-2025-8393 Information

Description

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

Reference

https://support.dreametech.com/hc/en-us https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-06

Related CNNVD

CNNVD-202508-770 (Published: 2025-08-08)