CVE-2025-30199

7.2 HIGH

📋 TL;DR

ECOVACS vacuum robot base stations lack firmware update validation, allowing attackers to send malicious over-the-air updates via the insecure connection between robot and base station. This affects ECOVACS robot vacuum systems using vulnerable base stations, potentially compromising home networks.

💻 Affected Systems

Products:
  • ECOVACS robot vacuum base stations
Versions: All versions prior to patched firmware
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires physical proximity or network access to the robot-base station communication channel.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the base station, allowing persistent malware installation, robot control takeover, lateral movement to home network devices, and potential physical safety risks from manipulated robot behavior.

🟠 Likely Case

Unauthorized firmware modification leading to base station malfunction, robot control disruption, data exfiltration from connected devices, and creation of botnet nodes.

🟢 If Mitigated

Limited impact with network segmentation preventing lateral movement, though base station functionality may still be compromised.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires intercepting or simulating robot-base station communication, which may require specialized tools but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check ECOVACS app for latest firmware

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19

Restart Required: Yes

Instructions:

1. Open the ECOVACS app
2. Check for firmware updates
3. Apply any available updates
4. Restart the base station and robot

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the robot and base station on a separate VLAN or network segment

Physical Security (applies to: all)

Restrict physical access to the robot's operating area to prevent local attacks

🧯 If You Can't Patch

  • Disconnect base station from network when not in use
  • Monitor network traffic for unusual firmware update attempts

🔍 How to Verify

Check if Vulnerable:

Check ECOVACS app firmware version against latest available version

Check Version:

Check firmware version in ECOVACS mobile application settings

Verify Fix Applied:

Confirm firmware version matches latest patched version in ECOVACS app

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update events
  • Base station reboot logs
  • Communication errors between robot and base station

Network Indicators:

  • Unusual firmware download traffic
  • Suspicious communication between robot and base station
  • Unexpected network connections from base station

SIEM Query:

source="ecovacs_base_station" AND event_type="firmware_update"
