CVE-2025-56562: n/a
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.
AI Analysis
Technical Summary
CVE-2025-56562 is a high-severity vulnerability affecting Signify Wiz Connected devices, specifically version 1.9.1. The root cause is an incorrect API implementation that allows an unauthenticated remote attacker to launch a Denial of Service (DoS) attack against Wiz devices by simply knowing their MAC address. The vulnerability does not require any user interaction or privileges, making it remotely exploitable over the network. The CVSS 3.1 base score of 7.5 reflects the ease of exploitation (network attack vector, low attack complexity, no privileges or user interaction required) and an impact limited to availability (no confidentiality or integrity impact). The CWE-306 classification (Missing Authentication for Critical Function) aligns with the vulnerability allowing unauthenticated access to a critical API endpoint. Although no known exploits are currently observed in the wild and no patches have been released yet, the vulnerability poses a significant risk to the availability of Wiz Connected devices, potentially disrupting smart home or building automation systems relying on these devices. The lack of authentication means attackers can target devices en masse if MAC addresses are known or can be discovered, causing widespread service disruption.
Potential Impact
For European organizations, especially those utilizing Signify Wiz Connected devices in smart building management, lighting control, or IoT deployments, this vulnerability could lead to significant operational disruptions. A successful DoS attack could render lighting or connected devices inoperable, impacting business continuity, safety, and user comfort. Critical infrastructure facilities, office buildings, and public spaces relying on these devices may experience outages or degraded service. Although the vulnerability does not compromise data confidentiality or integrity, the availability impact can affect productivity and safety systems. Additionally, the ease of exploitation without authentication increases the risk of automated or large-scale attacks. Organizations may also face reputational damage and potential regulatory scrutiny under European cybersecurity and data protection regulations if service disruptions affect users or customers.
Mitigation Recommendations
Given the absence of an official patch at this time, European organizations should implement network-level mitigations to reduce exposure. These include segmenting IoT devices on isolated VLANs or separate subnets with strict firewall rules to restrict inbound traffic to trusted sources only. Network monitoring should be enhanced to detect unusual traffic patterns targeting MAC addresses of Wiz devices. Employing intrusion detection/prevention systems (IDS/IPS) with custom signatures for suspicious API calls can help identify exploitation attempts. Organizations should also inventory all Wiz Connected devices and maintain an updated asset register to quickly respond to incidents. Once a patch or firmware update is released by Signify, prompt testing and deployment are critical. Additionally, limiting the exposure of device management interfaces to the internet and enforcing strong network access controls will reduce attack surface. Engaging with Signify support channels for updates and guidance is recommended.
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Sweden, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED

Threat ID: 68c9a92f69caf095b57bf384
Added to database: 9/16/2025, 6:15:11 PM
Last enriched: 9/24/2025, 1:09:43 AM
Last updated: 11/2/2025, 12:22:59 PM