CVE-2025-65290
📋 TL;DR
Aqara Hub devices do not validate the server certificate when they download firmware over HTTPS, so an attacker on the network path between the hub and the vendor's update server can intercept the request and serve a malicious image. Affected products are the Camera Hub G3, Hub M2 and Hub M3 on specific firmware versions. A replaced firmware image lets the attacker alter device behaviour or gain unauthorized access to the device.
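The bug class described above, as an added example that is not Aqara's code and is not taken from this advisory: a Python HTTPS firmware-download client with the vulnerable TLS setup (any certificate accepted) beside the hardened one (chain and hostname verified, with an optional pinned leaf-certificate fingerprint). The hostname, path and pin value are placeholders.

```python
# Added example, not the device's real update client. The vendor host, the
# firmware path and the pinned fingerprint below are assumptions.
import hashlib
import hmac
import http.client
import ssl
from typing import Optional
from urllib.parse import urlsplit


def insecure_context() -> ssl.SSLContext:
    """The vulnerable pattern: TLS gives confidentiality but no authentication.

    With verify_mode=CERT_NONE any certificate is accepted, so a MITM that
    terminates TLS with its own certificate looks identical to the vendor.
    (check_hostname must be cleared before verify_mode is lowered.)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The fix: verify the chain against a trust store and check the hostname.

    cafile lets a device ship a private vendor CA instead of the public roots.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_validates(ctx: ssl.SSLContext) -> bool:
    """True when the context authenticates the server (chain + hostname)."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin_matches(leaf_cert_der: bytes, expected_sha256_hex: str) -> bool:
    """Optional second layer: compare the leaf certificate (DER) to a pinned hash."""
    return hmac.compare_digest(sha256_hex(leaf_cert_der), expected_sha256_hex.lower())


def download_firmware(url: str, ctx: ssl.SSLContext, leaf_pin: Optional[str] = None) -> bytes:
    """Fetch a firmware image over HTTPS with the given TLS context.

    With insecure_context() this is the vulnerable download; with
    hardened_context() (and optionally a pin) it refuses a MITM certificate.
    """
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443, context=ctx, timeout=30)
    try:
        conn.connect()  # raises ssl.SSLCertVerificationError for a bad chain under hardened_context()
        if leaf_pin is not None:
            der = conn.sock.getpeercert(binary_form=True)
            if not pin_matches(der, leaf_pin):
                raise ssl.SSLError("server certificate does not match the pinned fingerprint")
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        if resp.status != 200:
            raise RuntimeError(f"unexpected HTTP status {resp.status}")
        return resp.read()
    finally:
        conn.close()


if __name__ == "__main__":
    # Placeholder URL; replace with the real update endpoint when testing a client.
    print(download_firmware("https://fw.aqara.example/firmware.bin", hardened_context())[:16])
```

Certificate validation only authenticates the transport. Whether Aqara additionally signs the firmware image is not stated in this advisory; a signed image checked by the bootloader would limit the damage even when the TLS layer is bypassed.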
💻 Affected Systems
- Aqara Camera Hub G3
- Aqara Hub M2
- Aqara Hub M3
⚠️ Risk & Real-World Impact
Worst Case
Attackers serve malicious firmware that gives them persistent remote access to the device, allowing them to compromise the entire smart home network, steal sensitive data, or use the device as a botnet node.
Likely Case
Attackers intercept firmware updates to install modified firmware that disables security features, collects user data, or provides backdoor access to the local network.
If Mitigated
With proper network segmentation and monitoring, impact is limited to the compromised device only, preventing lateral movement to other systems.
🎯 Exploit Status
Exploitation requires a man-in-the-middle position on the hub's network path at the moment it fetches a firmware update (for example via rogue DNS or ARP spoofing on the local segment). Public technical details are available in a GitHub repository.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Monitor Aqara's official channels for a firmware release that addresses this issue.
2. When it is available, update each affected hub through the Aqara Home app.
3. Confirm in the app that the update completed and the new version is reported.
🔧 Temporary Workarounds
Network Segmentation
Isolate Aqara Hub devices on a separate VLAN or network segment so that a host on the main LAN cannot place itself between the hub and the internet.
Disable Automatic Updates
Prevent unattended firmware downloads that could be intercepted; trigger updates manually from a trusted network once a fixed version is available. Note that this also delays the fix, so re-enable updates or update by hand as soon as the patched firmware ships.
🧯 If You Can't Patch
- Physically disconnect devices from internet and use local-only functionality
- Monitor network traffic for unusual outbound connections or firmware update attempts
🔍 How to Verify
Check if Vulnerable:
Check device firmware version in Aqara Home app: Settings > About Device > Firmware Version
Check Version:
Not applicable - use Aqara Home app interface
Verify Fix Applied:
Confirm that the firmware version shown in the app is newer than the vulnerable versions listed under Affected Systems. This advisory does not give the exact version numbers, so compare against the vendor's release notes for the fix.
📡 Detection & Monitoring
Log Indicators:
- Firmware update events at unexpected times or that the owner did not trigger
- Unexpected device reboots (a firmware swap reboots the hub)
- Note: because the hub does not validate the certificate, it will not log validation failures; the absence of such entries is not evidence of a clean update
Network Indicators:
- DNS answers for the vendor's firmware host that resolve to a LAN or otherwise unexpected address
- TLS sessions from the hub to the firmware host that present a certificate not issued by the expected CA (validation itself is not observable on the wire; compare the server certificate the hub accepted against a known-good one)
- Unusual outbound connections from hub devices
- ARP spoofing, rogue DHCP or rogue DNS on the hub's segment during update windows
SIEM Query:
Not applicable - device-specific logging limited