Multiple Vulnerabilities in Aqara Hub Products by Aqara
CVE-2025-65295

8.1 HIGH

Key Information:

Vendor: Aqara
CVE Published: 10 December 2025

What is CVE-2025-65295?

The Aqara Hub devices are exposed to vulnerabilities during the firmware update process. The affected products—Camera Hub G3, Hub M2, and Hub M3—fail to adequately validate firmware signatures, allowing attackers to install malicious firmware without detection. This risk is compounded by the use of outdated cryptographic methods, which can be exploited to forge valid signatures. Additionally, the firmware update process may expose sensitive information due to improperly initialized memory, further increasing the potential for exploitation.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
