CVE-2025-10250

CVSS v3.1

5.0

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: DJI Mavic Spark version 01.00.0500 DJI Mavic Air version 01.00.0500 DJI Mavic Mini version 01.00.0500

Description: A weakness exists in the Telemetry Channel component due to the use of a hard-coded cryptographic key. An attacker present on the local network can exploit this issue. The exploitability is considered difficult and the exploit has been publicly released. This vulnerability only affects products that are no longer supported.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-321CWE-320

Related Identifiers

CVE-2025-10250

Affected Products

Mavic Air

Mavic Mini

Mavic Spark

CVE-2025-10250

Weakness Enumeration

Related Identifiers

Affected Products

References · 6