CVE-2025-30198 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cisa-cg	CNA	6.3 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
ecovacs	deebot_x1s_pro_firmware	𝑥 < 2.5.38
ecovacs	deebot_x1_pro_omni_firmware	𝑥 < 2.5.38
ecovacs	deebot_x1_omni_firmware	𝑥 < 2.4.45
ecovacs	deebot_x1s_pro_firmware	𝑥 < 2.4.45
ecovacs	deebot_x1_turbo_firmware	𝑥 < 2.5.38
ecovacs	deebot_x1s_pro_firmware	𝑥 < 2.4.45
ecovacs	deebot_t10_firmware	𝑥 < 1.11.0
ecovacs	deebot_t10_omni_firmware	𝑥 < 1.11.0
ecovacs	deebot_t10_plus_firmware	𝑥 < 1.11.0
ecovacs	deebot_t10_turbo_firmware	𝑥 < 1.11.0
ecovacs	deebot_t20_omni_firmware	𝑥 < 1.25.0
ecovacs	deebot_t20_pro_plus_firmware	𝑥 < 1.25.0
ecovacs	deebot_t20_pro_firmware	𝑥 < 1.25.0
ecovacs	deebot_t30_omni_firmware	𝑥 < 1.100.0
ecovacs	deebot_t30s_firmware	𝑥 < 1.100.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-321 - Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
CWE-798 - Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json

https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19

https://www.cve.org/CVERecord?id=CVE-2025-30198