CVE Catalog

CVE-2025-56557

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

A vulnerability in the Tuya Smart Life App version 5.6.1 allows attackers to gain unprivileged control over Matter devices via the Matter protocol. The issue stems from insufficient access controls on device management functions.

Risk Assessment

The organization faces the risk of unauthorized control over Matter smart devices, potentially leading to privacy breaches, sabotage, or device misuse in attacks.

Recommendation

Immediately update the Tuya Smart Life App to the latest available version and implement authentication and authorization mechanisms for Matter devices.

Original NVD description (English source)

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS