CVE-2025-65297

EUVD-2025-202635
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
aqarahub_m2_firmware
4.3.6_0027:_0027
aqarahub_m3_firmware
4.3.6_0025:_0025
aqaracamera_hub_g3_firmware
4.1.9_0027:_0027
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/Unauthorized-Data-Upload.md