CVE-2025-65396 – A physical access vulnerability in Blurams Flar... (How to Fix)

Q: What is the severity of CVE-2025-65396?

CVE-2025-65396 has a CVSS score of 6.1 (MEDIUM). A physical access vulnerability in Blurams Flare Camera allows attackers to hijack the boot process via UART interface by shorting SPI flash memory pins. This enables firmware extraction and disclosure of cryptographic keys and user configurations. Only users of affected camera versions with physical device access are impacted.

📋 TL;DR

A physical access vulnerability in Blurams Flare Camera allows attackers to hijack the boot process via UART interface by shorting SPI flash memory pins. This enables firmware extraction and disclosure of cryptographic keys and user configurations. Only users of affected camera versions with physical device access are impacted.

💻 Affected Systems

Products:

Blurams Flare Camera

Versions: 24.1114.151.929 and earlier

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Requires physical access to device UART interface and ability to short SPI flash pins during boot.

📦 What is this software?

Dome Flare Firmware by Blurams

View all CVEs affecting Dome Flare Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete firmware compromise leading to cryptographic key theft, persistent device control, and exposure of all user data and camera feeds.

🟠

Likely Case

Local attacker extracts firmware to analyze for additional vulnerabilities, potentially enabling remote exploitation or credential harvesting.

🟢

If Mitigated

With physical security controls, impact limited to isolated device compromise without network propagation.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires physical tampering skills and specific timing during boot sequence.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor Blurams website for firmware updates addressing boot process security.

🔧 Temporary Workarounds

Physical Security Hardening

all

Secure device in tamper-resistant enclosures to prevent physical access to UART and SPI components.

Boot Process Monitoring

all

Implement monitoring for abnormal boot sequences or UART access attempts.

🧯 If You Can't Patch

Deploy cameras in physically secure locations with restricted access
Implement network segmentation to isolate cameras from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check firmware version in camera settings or web interface. If version is 24.1114.151.929 or earlier, device is vulnerable.

Check Version:

Check camera web interface or mobile app for firmware version information.

Verify Fix Applied:

Verify firmware version has been updated beyond 24.1114.151.929 through official Blurams channels.

📡 Detection & Monitoring

Log Indicators:

Multiple failed boot attempts
UART interface activation logs
Abnormal boot timing

Network Indicators:

Unusual firmware update requests
Suspicious outbound connections post-boot

SIEM Query:

Device:Blurams AND (Event:boot_failure OR Interface:UART)

📊 Metadata

CVE ID: CVE-2025-65396

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-119

EPSS Score: 0.02% exploit probability (3.9th percentile)

Published: January 14, 2026

Last Updated: February 3, 2026

🔗 References

http://blurams.com Product
http://flare.com Not Applicable
https://lessonsec.com/cve/cve-2025-65396/ Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65396, you might also want to check these: