CVE-2025-65297
HIGHDescription
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.
Is your site exposed to CVE-2025-65297?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| aqara | hub_m2_firmware |
| aqara | hub_m2 |
| aqara | hub_m3_firmware |
| aqara | hub_m3 |
| aqara | camera_hub_g3_firmware |
| aqara | camera_hub_g3 |
References
Frequently Asked Questions
What is CVE-2025-65297? +
How severe is CVE-2025-65297? +
What products are affected by CVE-2025-65297? +
How do I check if I'm vulnerable to CVE-2025-65297? +
Related Vulnerabilities
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access …
Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 …
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in …
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates …
Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows …
Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious …