cvedb.io
CVE-2025-65295
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2025-12-10T22:16:27.140 · Last modified 2026-06-17T09:55:37.467

Summary

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Affected products

aqara — hub_m2_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when aqara ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.