CVE-2025-65295 - Aqara Hub M3 Firmware, Aqara Camera Hub G3 Firmware and Aqara Hub M2 Firmware

Critical 8.1

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated cryptographic methods that can be exploited to forge valid signatures, and exposes information through improperly initialized memory.

Affected software

Aqara Hub M3 Firmware

Aqara Camera Hub G3 Firmware

Aqara Hub M2 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.