Insecure Firmware Update Vulnerability in ECOVACS Vacuum Robot Base Stations
CVE-2025-30199
7.5 HIGH
What is CVE-2025-30199?
ECOVACS vacuum robot base stations accept firmware updates without proper validation. Attackers can exploit unsecured connections between the robot and the base station, potentially leading to unauthorized firmware installation. This risk underscores the importance of secure communication protocols in preventing malicious parties from hijacking device functionality.
Affected Version(s)
DEEBOT T10 Series *
DEEBOT T20 Series *
DEEBOT T30 Series *
CVSS V4
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dennis Giese
Braelynn Luedtke
Chris Anderson