CVE-2025-65295

HIGH

Aqara Hub <4.1.9_0027-4.3.6_0025 - RCE

Title source: llm

Description

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

References (1)

[Exploit, Third Party Advisory] https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Firmware-Insecurity.md

View Exploit ZIP pw:eip

Scores

CVSS v3 8.1

EPSS 0.0004

EPSS Percentile 13.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326 CWE-457 CWE-347

Status published

Products (3)

aqara/camera_hub_g3_firmware 4.1.9_0027

aqara/hub_m2_firmware 4.3.6_0027

aqara/hub_m3_firmware 4.3.6_0025

Published Dec 10, 2025

Tracked Since Feb 18, 2026