Command Injection Vulnerability in Aqara Hub Devices by Aqara
CVE-2025-65292

7.3HIGH

Key Information:

Vendor: Aqara
Status: Aqara Hub
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-65292?

A command injection vulnerability exists in Aqara Hub devices, including the Camera Hub G3, Hub M2, and Hub M3. This issue allows attackers to exploit weaknesses related to the handling of malicious domain names, granting them the ability to execute arbitrary commands with root privileges. As a result, unauthorized users may gain control over sensitive functions and data within the affected devices, posing a significant security risk to users.

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqa...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Nov 18, 2025

CVE-2025-65292 Data

JSON