CVE-2025-65295

8.1 HIGH

📋 TL;DR

This CVE describes vulnerabilities in Aqara Hub firmware update processes that allow attackers to install malicious firmware without proper signature validation. Attackers can exploit outdated cryptographic methods to forge valid signatures and access information through memory exposure. Users of Aqara Camera Hub G3, Hub M2, and Hub M3 devices with affected firmware versions are at risk.

💻 Affected Systems

Products:
  • Aqara Camera Hub G3
  • Aqara Hub M2
  • Aqara Hub M3
Versions: Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, Hub M3 4.3.6_0025
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with these firmware versions are vulnerable by default. The vulnerability affects the OTA (Over-The-Air) firmware update mechanism.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing persistent backdoor installation, data exfiltration, and potential lateral movement to other network devices.

🟠 Likely Case

Unauthorized firmware installation leading to device malfunction, data theft, or surveillance capabilities.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though device integrity remains compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Technical details and proof-of-concept are publicly available in the GitHub repository. Exploitation requires network access to the device's update mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

  1. Monitor Aqara official channels for firmware updates.
  2. When available, download official firmware from Aqara website/app.
  3. Apply update through device management interface.
  4. Verify firmware version after update.

🔧 Temporary Workarounds

  • Network Segmentation (all): Isolate Aqara hubs from critical network segments and internet access
  • Disable Automatic Updates (all): Prevent automatic firmware updates that could be malicious

🧯 If You Can't Patch

  • Disconnect devices from network entirely
  • Replace vulnerable devices with patched alternatives

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Aqara app: Device Settings > About > Firmware Version

Check Version:

Not applicable - check through Aqara mobile app interface

Verify Fix Applied:

Verify firmware version has changed from vulnerable versions listed above

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update attempts
  • Failed signature verification logs
  • Memory access errors

Network Indicators:

  • Unusual outbound connections from hub devices
  • Firmware download from non-Aqara sources
  • UDP/TCP traffic on update ports

SIEM Query:

source="aqara_hub" AND (event="firmware_update" OR event="signature_failure")
