CVE 9.8 CRITICAL

CVE-2025-65294_CVE-2025-65294

December 11, 2025 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.

AI Analysis

Undocumented remote access mechanism enabling unrestricted remote command execution in Aqara Hub devices.

Basic Information

ID CVE-2025-65294

Source mitre

Published Dec 10, 2025 at 00:00

Modified Dec 11, 2025 at 15:39

Affected Product

Vendor Aqara

Product Aqara Hub

Version 4.1.9_0027, 4.3.6_0027, 4.3.6_0025

Affected Versions n/a n/a n/a

CWE Classification

CWE-94

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Aqara

Product Aqara Hub

Version 4.1.9_0027, 4.3.6_0027, 4.3.6_0025

References

{
    "lastseen": "",
    "description": "Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.",
    "published": "2025-12-10T00:00:00.000Z",
    "modified": "2025-12-11T15:39:29.906Z",
    "type": "cve",
    "title": "CVE-2025-65294",
    "source": "mitre",
    "references": "https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/QR-Command-Injection.md\nhttps://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/Undocumented-Remote-Execution.md",
    "id": "CVE-2025-65294",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Aqara Hub",
    "version": "4.1.9_0027, 4.3.6_0027, 4.3.6_0025",
    "vendor": "Aqara",
    "ai_description": "Undocumented remote access mechanism enabling unrestricted remote command execution in Aqara Hub devices.",
    "ai_severity": "Critical",
    "ai_vendor": "Aqara",
    "ai_product": "Aqara Hub",
    "ai_version": "4.1.9_0027, 4.3.6_0027, 4.3.6_0025",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply