cbcvebase.
CVE-2025-65295
published 2025-12-10

CVE-2025-65295: Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow…

PriorityP347high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
0.20%
10.0th percentile
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Affected

3 ranges
VendorProductVersion rangeFixed in
aqaracamera_hub_g3_firmware
aqarahub_m2_firmware
aqarahub_m3_firmware
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.