PT-2025-50548 · Aqara · Aqara Hub M3+2
Published
2025-12-10
·
Updated
2025-12-19
·
CVE-2025-65297
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Aqara Hub Camera Hub G3 version 4.1.9 0027
Aqara Hub M2 version 4.3.6 0027
Aqara Hub M3 version 4.3.6 0025
Description
Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and transmission occur without any disclosure or consent from the manufacturer.
Recommendations
For Aqara Hub Camera Hub G3 version 4.1.9 0027, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Aqara Hub M2 version 4.3.6 0027, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Aqara Hub M3 version 4.3.6 0025, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Aqara Camera Hub G3
Aqara Hub M2
Aqara Hub M3