CVE-2025-65295HIGH 8.1EPSS p9.9%
CVE-2025-65295CVE-2025-65295
Description
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.
Scoring
| CVSS 3.1 | 8.1 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 0.20% probability of exploitation · percentile 9.9% · 2026-06-19T12:03:05Z |
| Published | 2025-12-10 |
| Last modified | 2025-12-17 |
Underlying weaknesses· 3
References
3
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Inadequate Encryption Strengthcwe-326 | 0% | live |
| Weakness | Improper Verification of Cryptographic Signaturecwe-347 | 0% | live |
| Weakness | Use of Uninitialized Variablecwe-457 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.