CVE-2025-65297
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-12
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aqara | hub | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-5 | Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are weakly encrypted. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Aqara Hub devices, including Camera Hub G3, Hub M2, and Hub M3, automatically collecting and uploading sensitive information without encryption. This data collection happens without disclosure or consent from the manufacturer, meaning users are unaware that their sensitive information is being transmitted insecurely.
How can this vulnerability impact me? :
The impact of this vulnerability is that sensitive information from Aqara Hub devices can be exposed during transmission because it is uploaded unencrypted. This could lead to unauthorized access, data interception, and potential misuse of personal or sensitive data without the user's knowledge or consent.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves automatic collection and upload of unencrypted sensitive information without disclosure or consent, which likely violates compliance requirements of standards such as GDPR and HIPAA that mandate data protection, user consent, and secure handling of sensitive information.