IronMonkey Threat Research

Dreame Technology iOS and Android Mobile Applications (Update A)

HIGH
CVSS 7.3
Date 2026-06-02T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of this vulnerability could result in unauthorized information disclosure.

// Vulnerabilities (1)

CVE ID: CVE-2025-8393
CVSS Score: 7.3
Severity: high
Description: A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication, which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

// Remediations (2)

Mitigation: Contact Dreame Technology directly for more information. Note that MOVA is a subsidiary of Dreame Technology.
Patch: Dreame has updated their mobile app to remove unencrypted communications and implement SSL certificate based secure communication. Users should upgrade to the most current version of the mobile application.

// References