PT-2025-50536 · Aqara · Aqara Camera Hub G3 +2

Published 2025-12-10 · Updated 2025-12-14 · CVE-2025-65291

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Aqara Hub M2 version 4.3.6 0027
Aqara Hub M3 version 4.3.6 0025
Aqara Camera Hub G3 version 4.1.9 0027

Description

Aqara Hub devices do not properly validate server certificates during TLS connections used for discovery services and CoAP gateway communications. This flaw allows for man-in-the-middle attacks, potentially compromising device control and monitoring. CoAP (Constrained Application Protocol) is a specialized web transfer protocol for constrained devices and networks. TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over a network.

Recommendations

Update Aqara Hub M2 to a version after 4.3.6 0027.
Update Aqara Hub M3 to a version after 4.3.6 0025.
Update Aqara Camera Hub G3 to a version after 4.1.9 0027.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2025-65291

Affected Products

Aqara Camera Hub G3
Aqara Hub M2
Aqara Hub M3