CVE-2025-65295

Published 10/12/2025 22:16 · Modified 17/12/2025 19:49

Labels: CVE-2025-65295, 2025-12-10, CWE-326, [email protected]

Essential information

Published: 10/12/2025 22:16
Modified: 17/12/2025 19:49
Author:
Creator:
CVSS: 8.1 HIGH (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Multiple vulnerabilities in the Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]

Affected products (CPE)

Product | CPE
aqara / hub m2 firmware | cpe:2.3:o:aqara:hub_m2_firmware:4.3.6_0027:*:*:*:*:*:*:*
aqara / hub m2 | cpe:2.3:h:aqara:hub_m2:-:*:*:*:*:*:*:*
aqara / hub m3 firmware | cpe:2.3:o:aqara:hub_m3_firmware:4.3.6_0025:*:*:*:*:*:*:*
aqara / hub m3 | cpe:2.3:h:aqara:hub_m3:-:*:*:*:*:*:*:*
aqara / camera hub g3 firmware | cpe:2.3:o:aqara:camera_hub_g3_firmware:4.1.9_0027:*:*:*:*:*:*:*
aqara / camera hub g3 | cpe:2.3:h:aqara:camera_hub_g3:-:*:*:*:*:*:*:*

References