CVE-2025-2394

Disclosure of Alibaba (OSS) Keys In Ecovacs Home Android and iOS Mobile Applications

Discovered by Michael Newton on behalf of The Missing Link Security

Vulnerability Details

Access keys and secrets for Alibaba Object Storage Service (OSS) were embedded within the Ecovacs Home Android and iOS mobile applications up to and including version 3.3.0, leading to sensitive data disclosure.

Affected Versions

Before 3.3.0

Fixed Versions

Fixed in: 3.3.0

Latest News

Microsoft Copilot vs ChatGPT vs Gemini: Which one fits your business best? 

Modern Service Desk: Unlocking IT support efficiency with new tools

5 minutes with Paul Emerson

See All News