PT-2025-50544 · Aqara · Aqara Hub
Junming Chen +4 · Published 2025-12-10 · Updated 2025-12-14 · CVE-2025-65295
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Aqara Hub versions 4.1.9 0027, 4.3.6 0027, and 4.3.6 0025
Description: The Aqara Hub firmware update process has flaws that could allow attackers to install malicious firmware without proper verification. The device does not validate firmware signatures during updates and utilizes outdated cryptographic methods susceptible to signature forgery. Additionally, the device reveals information due to improperly initialized memory.
Recommendations: Update to a newer version that contains a fix for this vulnerability.
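The two weaknesses in the description (no signature check, and a signature scheme weak enough to forge) are both addressed by the same device-side rule: parse the image, verify a signature from a modern algorithm over the entire image, and only then touch flash. The Go program below is an added illustration of that rule, not Aqara's code and not its real firmware format; the container layout, the "FWIM" magic, and the function names are assumptions made for this example. It uses Ed25519 from Go's standard library and, as the added caveat a reviewer would look for, checks the declared length in 64-bit arithmetic so an oversized length field cannot wrap the bounds check.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Container layout assumed for this example (constructed; not Aqara's real format):
//   magic "FWIM" (4 bytes) | version uint32 BE | payload length uint32 BE | payload | Ed25519 signature (64 bytes)
// The signature covers everything before it, so neither header nor payload can be altered unnoticed.
const (
	fwMagic  = "FWIM"
	fwHdrLen = 4 + 4 + 4
)

var (
	ErrMalformed = errors.New("firmware: malformed image")
	ErrSignature = errors.New("firmware: signature verification failed")
)

// NewSigningKey creates the vendor's Ed25519 key pair. In production the private
// half stays in the build pipeline or an HSM; only the public key is burned into the device.
func NewSigningKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// BuildImage packs version and payload into the container and signs them (vendor side).
func BuildImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString(fwMagic)
	_ = binary.Write(&buf, binary.BigEndian, version)
	_ = binary.Write(&buf, binary.BigEndian, uint32(len(payload)))
	buf.Write(payload)
	body := buf.Bytes()
	sig := ed25519.Sign(priv, body) // signature spans header and payload
	return append(body, sig...)
}

// VerifyImage is the device-side check that must pass before anything is written to flash.
// It validates the structure first, then the signature, and only then hands back the payload.
func VerifyImage(pub ed25519.PublicKey, img []byte) (uint32, []byte, error) {
	if len(img) < fwHdrLen+ed25519.SignatureSize || string(img[:4]) != fwMagic {
		return 0, nil, ErrMalformed
	}
	version := binary.BigEndian.Uint32(img[4:8])
	plen := uint64(binary.BigEndian.Uint32(img[8:12]))
	// Length arithmetic in uint64 so a huge declared length cannot wrap around.
	if uint64(fwHdrLen)+plen+ed25519.SignatureSize != uint64(len(img)) {
		return 0, nil, ErrMalformed
	}
	bodyEnd := fwHdrLen + int(plen)
	body, sig := img[:bodyEnd], img[bodyEnd:]
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, ErrSignature
	}
	// Return a copy so the caller cannot alias the verified buffer.
	return version, append([]byte(nil), body[fwHdrLen:]...), nil
}

func main() {
	pub, priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	img := BuildImage(priv, 2, []byte("constructed firmware payload"))
	if v, p, err := VerifyImage(pub, img); err == nil {
		fmt.Printf("accepted version %d, %d payload bytes\n", v, len(p))
	}
	tampered := append([]byte(nil), img...)
	tampered[fwHdrLen] ^= 0x01 // flip one payload bit
	_, _, err = VerifyImage(pub, tampered)
	fmt.Println("tampered image:", err)
}
```

The ordering inside VerifyImage is the point: structural checks before any cryptographic work, a signature from an algorithm with no known forgery path, and no write to flash on any error. Anything that accepts the payload before the signature has been checked, or accepts a signature from a legacy scheme, reproduces the flaw the advisory describes.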

Weakness Enumeration: Improper Verification of Cryptographic Signature; Inadequate Encryption Strength
Related Identifiers: CVE-2025-65295
Affected Products: Aqara Hub