CVE-2025-65397

6.8 MEDIUM

📋 TL;DR

This vulnerability allows an attacker with physical access to a Blurams Flare Camera to execute arbitrary commands with root privileges by placing a malicious auth.ini file on the device's SD card. The exploit only works when the /opt/images/public_key.der file is missing from the system. It affects Blurams Flare Camera users running vulnerable firmware versions.

💻 Affected Systems

Products:
  • Blurams Flare Camera
Versions: 24.1114.151.929 and earlier
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability only triggers when /opt/images/public_key.der file is missing from the file system.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing installation of persistent malware, camera control takeover, network pivoting, and data exfiltration.

🟠 Likely Case: Local attacker gains root access to modify camera settings, disable security features, or install surveillance malware.

🟢 If Mitigated: Limited impact if physical access controls prevent unauthorized SD card insertion and file system monitoring detects auth.ini modifications.

🌐 Internet-Facing: LOW - Requires physical access to device and SD card manipulation.
🏢 Internal Only: MEDIUM - Physical access within premises could allow exploitation if devices are accessible.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires physical access to insert an SD card containing a malicious auth.ini file. No authentication bypass is needed beyond that physical access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://blurams.com

Restart Required: No

Instructions:

1. Check the Blurams website for firmware updates.
2. Update the camera firmware if an update is available.
3. Ensure /opt/images/public_key.der exists on the device.

🔧 Temporary Workarounds

Ensure public_key.der exists (linux)

Create or verify the existence of the /opt/images/public_key.der file to prevent exploitation:

touch /opt/images/public_key.der
chmod 644 /opt/images/public_key.der

Disable SD card functionality (all platforms)

Remove or disable the SD card slot to prevent malicious file insertion.

🧯 If You Can't Patch

  • Restrict physical access to cameras and the secure areas they are installed in
  • Monitor for unauthorized SD card insertion and file system changes

🔍 How to Verify

Check if Vulnerable:

Check whether the /opt/images/public_key.der file exists (the device is vulnerable if it is missing):

ls -la /opt/images/public_key.der

Check Version:

Check the device firmware version in the camera settings or via the manufacturer's app; versions 24.1114.151.929 and earlier are affected.

Verify Fix Applied:

Verify that /opt/images/public_key.der exists and check the firmware version against the patched version once the vendor publishes one.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SD card insertion events
  • File system modifications to /opt/images/
  • Execution of safe_exec.sh with unusual parameters

Network Indicators:

  • Unusual outbound connections from camera
  • Unexpected firmware update attempts

SIEM Query:

source="camera_logs" AND (event="sd_card_inserted" OR file_path="/opt/images/auth.ini")
