Remote Command Execution Vulnerability in Sight Bulb Pro by Visionary Tech
CVE-2025-6522
5.2 MEDIUM
What is CVE-2025-6522?
A vulnerability in the Sight Bulb Pro by Visionary Tech permits unauthenticated users on an adjacent network to execute shell commands as root. The device runs a proprietary TCP protocol on port 16668; an attacker on the same network segment who sends a specially crafted JSON string to that service can trigger arbitrary command execution. This vulnerability poses a significant risk to the integrity and security of the device and may compromise user data.
Affected Version(s)
Sight Bulb Pro Firmware ZJ_CG32-2201, versions 0 up to and including 8.57.83
CVSS v4
Score: 5.2
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability reserved
Credit
Fahim Balouch reported these vulnerabilities to CISA.