Critical Flaws Exposed Gardyn Smart Gardens to Remote Hacking

Gardyn smart indoor hydroponic gardens were until recently affected by potentially serious vulnerabilities that could have been exploited for remote hacking, the cybersecurity agency CISA said this week.

Gardyn smart gardens enable users to cultivate fresh vegetables, herbs, and greens indoors, using automated LED lighting, nutrient-rich water circulation, and AI-driven monitoring for effortless, year-round homegrown produce.

According to CISA, Gardyn products were affected by two critical and two high-severity vulnerabilities.

One of the critical flaws, tracked as CVE-2025-29631, is a command injection issue that can be exploited to execute arbitrary OS commands on the targeted device.

The second critical vulnerability, CVE-2025-1242, is related to the exposure of hardcoded admin credentials that can be used to gain full control of the Gardyn IoT Hub.

The high-severity vulnerabilities, CVE-2025-29628 and CVE-2025-29629, are related to the cleartext transmission of sensitive information by the Azure IoT Hub (exposure to MitM attacks) and the use ...