Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability 漏洞信息(CVE-2025-2233)

一、漏洞 CVE-2025-2233 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

密码学签名的验证不恰当

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-2233 的公开POC

#	POC 描述	源链接	神龙链接
1	Improper Verification of Cryptographic Signature (CWE-347)	https://github.com/McTavishSue/CVE-2025-2233	POC详情

三、漏洞 CVE-2025-2233 的情报信息

https://www.zerodayinitiative.com/advisories/ZDI-25-127/ x_research-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-2233

一、 漏洞 CVE-2025-2233 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-2233 的公开POC

三、漏洞 CVE-2025-2233 的情报信息

一、漏洞 CVE-2025-2233 基础信息