CVE-2025-65396

MEDIUM

Blurams Flare Camera <24.1114.151.929 - Info Disclosure

Title source: llm

Description

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

References (3)

Core 3

Core References

Product

http://blurams.com

Not Applicable

http://flare.com

Broken Link

https://lessonsec.com/cve/cve-2025-65396/

Scores

CVSS v3 6.1

EPSS 0.0002

EPSS Percentile 5.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-119 CWE-125 CWE-1274

Status published

Products (1)

blurams/dome_flare_firmware < 24.1114.151.929

Published Jan 14, 2026

Tracked Since Feb 18, 2026