Security Advisory | SmartRemote module information leakage vulnerability
Original release date: 2026-02-27
CVE ID
CVE-2025-15509
CVSS 3.1 Base Score
7.1 High (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)
Description
The SmartRemote module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Software Versions and Fixes
- Software Affected Version Fixed Version
- SmartRemote Versions below 5.1.2.0 Version 5.1.2.0 and above
Temporary Fix
NA
Obtaining Fixed Software
The vulnerability can be fixed by updating the vivo SmartRemote
Source
From white hat hacker: ZZZ
Update Records
2026-02-27 V1.0 INITIAL
FAQs
NA
vivo Security Procedures
vivo is committed to providing users with best cyber security products and services, and follows the industrial best practice to handle and publish vunerability information.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.
To report a security vulnerability in vivo products and solutions, please send it to security@vivo.com.
For details, please visit Security Advisory.