Cleartext AES Key Transmission in Sight Bulb Pro by Smart Home Vendor
CVE-2025-6521
What is CVE-2025-6521?
During initial device setup, the Sight Bulb Pro broadcasts an access point that users connect to for configuration. During this process, AES encryption keys are transmitted in cleartext and can be intercepted. An attacker who captures these keys could decrypt communications between the Sight Bulb Pro management app and the device, potentially exposing sensitive information, including network credentials. This vulnerability highlights the importance of securing encryption key exchanges to safeguard user data and maintain overall network integrity.
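
An added illustration (not the vendor's code or its fix) of what a passive listener on the setup access point sees: it contrasts a setup flow that sends the AES key as a message with one that derives the key from an X25519 exchange, then checks each capture for the key. The message layout, the function names and the `setup-demo` label are assumptions, since the page does not describe the device's actual protocol.

```python
import hashlib, hmac, os

# Curve25519 constants from RFC 7748. Pure-Python ladder for illustration only:
# it is not constant-time; real firmware and apps should use a vetted library.
P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748 Montgomery ladder)."""
    k_int = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def derive_aes128(shared: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), single output block truncated to 16 bytes."""
    prk = hmac.new(b"\x00" * 32, shared, hashlib.sha256).digest()
    return hmac.new(prk, b"setup-demo\x01", hashlib.sha256).digest()[:16]

def setup_cleartext():
    """Flawed pattern from the advisory: the AES key is itself a setup message."""
    key = os.urandom(16)
    return key, [b"HELLO", key]  # (session key, constructed bytes seen on the AP)

def setup_key_agreement():
    """Hardened pattern: only X25519 public values cross the setup AP."""
    a, b = os.urandom(32), os.urandom(32)  # app and bulb private scalars
    pub_a, pub_b = x25519(a, BASE), x25519(b, BASE)
    app_key, bulb_key = derive_aes128(x25519(a, pub_b)), derive_aes128(x25519(b, pub_a))
    assert app_key == bulb_key  # both ends reach the same key without sending it
    return app_key, [b"HELLO", pub_a, pub_b]

def key_visible(key: bytes, wire: list) -> bool:
    """Passive-observer check: is the key in the capture, raw or hex-encoded?"""
    blob = b"".join(wire)
    return key in blob or key.hex().encode() in blob.lower()
```

Key agreement without authentication only defeats passive capture; on an open setup access point the exchange also has to be authenticated (for example with a per-device secret) to resist an active intermediary.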

Affected Version(s)
Sight Bulb Pro Firmware ZJ_CG32-2201: versions 0 through 8.57.83 (<= 8.57.83)
