CVE-2025-65297 - Aqara Hub M3 Firmware, Aqara Camera Hub G3 Firmware and Aqara Hub M2 Firmware

December 10, 2025

Critical 7.5

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer.

Affected software

Aqara Hub M3 Firmware

Aqara Camera Hub G3 Firmware

Aqara Hub M2 Firmware

Reference links

https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/Unauthorized-Data-Upload.md

CVE-2025-65297 - Aqara Hub M3 Firmware, Aqara Camera Hub G3 Firmware and Aqara Hub M2 Firmware

Affected software

Reference links

Get alerted to vulnerabilities in your software