These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-59452 is a YoSmart YoLink Smart Hub/API issue disclosed by CISA on 2026-01-13. The advisory says the YoLink API through 2025-10-02 used an endpoint URL derived from a device MAC address together with an MD5 hash of non-secret information, including a key that begins with cf50. YoSmart states update 0383 supports a new dynamic authentication algorithm and will be delivered automatically over the a [truncated]
CVE-2025-59451 is a low-severity YoSmart YoLink issue disclosed publicly by CISA on 2026-01-13. The advisory says the YoSmart YoLink application through 2025-10-02 had session tokens with unexpectedly long lifetimes, which can extend the usable window for an active session. CISA also states the issue was resolved on the server backend and that no user actions are required.
CVE-2025-59449 affects YoSmart YoLink Smart Hub-related services and was publicly disclosed by CISA on 2026-01-13 in ICSA-26-013-03. The advisory says the YoSmart YoLink MQTT broker through 2025-10-02 did not enforce sufficient authorization controls to prevent cross-account attacks. If an attacker obtains associated device IDs, they may be able to remotely operate affected devices. CISA’s published mater [truncated]
CISA's 2026-01-13 advisory for CVE-2025-59448 says parts of the YoSmart YoLink ecosystem used unencrypted MQTT communications, creating risk of disclosure or tampering if an attacker can observe network traffic. The issue affects YoLink Mobile Application 1.40.41 and the YoLink MQTT Broker; YoSmart recommends updating to 1.40.45 or later.