Command Injection Vulnerability in Aqara Camera Hub by Aqara
CVE-2025-65293

6.6MEDIUM

Key Information:

Vendor: Aqara
Status: Aqara Camera Hub
Vendor: CVE Published:; 10 December 2025

What is CVE-2025-65293?

The Aqara Camera Hub G3 product version 4.1.9_0027 is susceptible to command injection attacks, enabling unauthorized execution of commands with root privileges. This vulnerability arises during device setup and factory reset processes via specially crafted QR codes. Attackers can exploit this flaw to manipulate the device configuration or execute arbitrary commands, raising significant security concerns for users of the device.

References

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqa...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Nov 18, 2025

CVE-2025-65293 Data

JSON