CVE-2025-6031
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-10-14
Assigner: AMZN
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-672 | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the end-of-life Amazon Cloud Cam. When the device is powered on, it tries to connect to a deprecated remote service and defaults to a pairing mode that allows any user to bypass SSL pinning. This means an attacker can associate the device with any network they choose, enabling them to intercept and modify the device's network traffic. [1]
How can this vulnerability impact me? :
The vulnerability allows an attacker to intercept and modify network traffic from the Amazon Cloud Cam by associating the device with an arbitrary network. This could lead to unauthorized access to video streams or other sensitive data transmitted by the device, compromising the security and privacy of the user. [1]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate step to mitigate this vulnerability is to discontinue usage of any remaining Amazon Cloud Cam devices, as the product is end-of-life and no longer supported or maintained. [1]