EUVD-2025-36692

An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other users' Dyson IoT devices remotely via MQTT...

CVE-2025-56558

The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...

PT-2025-44327

Name of the Vulnerable Software and Affected Versions Dyson App versions 6.1.23041-23595 Description An issue allows unauthenticated attackers to remotely control other users' Dyson IoT devices via MQTT. Recommendations At the moment, there is no information about a newer version that contains a...

Dyson App 安全漏洞

Dyson App is a mobile application for remote control of smart devices from Dyson Singapore. A security vulnerability exists in Dyson App versions v6.1.23041 through 23595, which originates from an unauthenticated attacker being able to remotely control another user's Dyson IoT device via MQTT...

CVE-2025-56558

The provided sources describe a Dyson MQTT server vulnerability (CVE-2025-56558) affecting Dyson IoT devices dating to 2022+. A client possessing AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, and a device serial can publish/subscribe to Dyson MQTT topics even if the physical device...