Insecure Wi-Fi Communication in ECOVACS Robot Vacuums and Base Stations
CVE-2025-30200
2.3 LOW
What is CVE-2025-30200?
ECOVACS robot vacuums and base stations communicate over an insecure Wi-Fi network. The weakness is the use of a deterministic AES encryption key, which an attacker can easily derive, exposing sensitive information and control capabilities of the devices. Users are advised to review their security measures and consider network segmentation to mitigate the risks associated with this vulnerability.
Affected Version(s)
DEEBOT T10 Series *
DEEBOT T20 Series *
DEEBOT T30 Series *
CVSS V4
Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dennis Giese
Braelynn Luedtke
Chris Anderson