CVE-2025-10250
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dji | mavic_mini | 01.00.0500 |
| dji | mavic_air | 01.00.0500 |
| dji | mavic_spark | 01.00.0500 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10250 is a cryptographic vulnerability affecting DJI Mavic Spark, Mavic Air, and Mavic Mini drones running firmware version 01.00.0500. The issue lies in the Telemetry Channel component, which uses a hard-coded, static WEP encryption key for wireless communication. WEP is an outdated and insecure encryption standard, and the static key allows attackers on the local network to intercept, decrypt, and replay control and telemetry data. This means an attacker can capture and manipulate the drone's wireless traffic, potentially hijacking the drone's control. Exploitation requires local network access and is considered difficult, but a public proof-of-concept exploit exists. The affected products are no longer supported by the vendor. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can compromise the confidentiality, integrity, and availability of the affected DJI drones' wireless communications. An attacker within wireless range can intercept and decrypt telemetry and control data, replay captured packets, and potentially hijack the drone by sending unauthorized commands. This could lead to loss of control over the drone, unauthorized surveillance, or other malicious activities. Since the drones are no longer supported, no known mitigations exist, and replacement of the devices is recommended. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by capturing and analyzing the wireless traffic between the DJI drone and its controller. Because the link uses Enhanced Wi-Fi with static WEP encryption keys, you can capture packets with a compatible wireless adapter (e.g., a TP-Link router with an Atheros chipset running OpenWrt) and a tool such as tcpdump, then use Aircrack-ng with a PTW attack to attempt to recover the static WEP key within seconds. Commands to consider include: 1) tcpdump, to capture traffic on the appropriate wireless interface; 2) aircrack-ng, to crack the WEP key from the captured packets. The unusual 5 MHz channel width used by the drones may require specialized hardware or configuration to capture traffic properly. [3]
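For the capture-and-analyze step above, an added example (not from the original page or any vendor tooling) that audits captured 802.11 data frames and reports which BSSIDs still carry legacy WEP, using the Protected flag and the ExtIV bit of the cipher header. It assumes raw 802.11 frames with the radiotap header already stripped; `classify`, `wep_bssids`, `build` and the sample frames and MAC addresses are constructed for illustration.

```python
from collections import Counter

PROTECTED, TO_DS, FROM_DS, ORDER = 0x40, 0x01, 0x02, 0x80

def classify(frame):
    """Classify one raw 802.11 frame (no radiotap header): returns (label, bssid)."""
    if len(frame) < 24:
        return "short", None
    ftype, subtype, flags = (frame[0] >> 2) & 3, frame[0] >> 4, frame[1]
    if ftype != 2:                       # only data frames carry a cipher header
        return "non-data", None
    hdr = 24
    if flags & TO_DS and flags & FROM_DS:
        hdr, off = 30, None              # Address 4 present (WDS), no single BSSID
    elif flags & TO_DS:
        off = 4                          # BSSID is Address 1
    elif flags & FROM_DS:
        off = 10                         # BSSID is Address 2
    else:
        off = 16                         # BSSID is Address 3
    if subtype & 0x08:                   # QoS data: 2-byte QoS Control,
        hdr += 2 + (4 if flags & ORDER else 0)   # plus HT Control when Order is set
    bssid = frame[off:off + 6].hex(":") if off is not None else None
    if not flags & PROTECTED:
        return "cleartext", bssid
    if len(frame) < hdr + 4:
        return "short", bssid
    # Bytes hdr..hdr+2 are the IV; bit 5 of the next byte is ExtIV.
    # ExtIV = 0 means legacy WEP; ExtIV = 1 means TKIP or CCMP.
    return ("tkip-or-ccmp" if frame[hdr + 3] & 0x20 else "wep"), bssid

def wep_bssids(frames):
    """Count WEP-protected data frames per BSSID."""
    return Counter(b for label, b in map(classify, frames) if label == "wep")

def build(subtype, flags, a1, a2, a3, body):
    """Constructed test frame: type=data, zero duration and sequence control."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    qos = b"\x00\x00" if subtype & 0x08 else b""
    head = bytes([(subtype << 4) | 0x08, flags, 0, 0]) + mac(a1) + mac(a2) + mac(a3)
    return head + b"\x00\x00" + qos + body

# Constructed sample traffic; the MAC addresses are made up.
AP, STA = "02:00:00:00:00:01", "02:00:00:00:00:02"
SAMPLE = [
    build(0, FROM_DS | PROTECTED, STA, AP, AP, bytes([0x11, 0x22, 0x33, 0x00]) + b"\xaa" * 12),  # WEP
    build(8, TO_DS | PROTECTED, AP, STA, STA, bytes([0x01, 0x00, 0x00, 0x20]) + b"\xbb" * 16),   # CCMP
    build(0, FROM_DS, STA, AP, AP, b"\xcc" * 8),                                                   # open
]
```

Any BSSID returned by `wep_bssids` is a link that should be treated as unencrypted for risk purposes, since WEP with a fixed key offers no meaningful confidentiality.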
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected DJI Mavic Spark, Mavic Air, and Mavic Mini drones running firmware version 01.00.0500, as these products are no longer supported and have no known countermeasures. It is recommended to replace these devices with alternative products that do not suffer from this vulnerability. Since the vulnerability requires local network access and exploits a hard-coded cryptographic key, limiting network access and avoiding use of these drones on untrusted networks may reduce risk but does not fully mitigate the issue. [2]