CVE-2025-65295

HIGH

Aqara Hub <4.1.9_0027-4.3.6_0025 - RCE

Title source: llm

Description

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

References (1)

[Exploit, Third Party Advisory] https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/OTA-Firmware-Insecurity.md

View Exploit ZIP pw:eip

Scores

CVSS v3 8.1

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-326 CWE-457 CWE-347

Status published

Affected Products (3)

aqara/hub_m2_firmware

aqara/hub_m3_firmware

aqara/camera_hub_g3_firmware

Timeline

Published Dec 10, 2025

Tracked Since Feb 18, 2026