CVE-2025-65290: n/a
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files.
AI Analysis
Technical Summary
CVE-2025-65290 is a vulnerability found in several Aqara Hub devices, specifically the Camera Hub G3 version 4.1.9_0027, Hub M2 version 4.3.6_0027, and Hub M3 version 4.3.6_0025. These devices fail to properly validate server certificates during HTTPS firmware downloads, which is a critical step in ensuring the authenticity and integrity of firmware updates. Without certificate validation, an attacker capable of performing a man-in-the-middle (MitM) attack can intercept the firmware update process and serve malicious firmware to the device. This could lead to unauthorized control over the device, data exfiltration, or disruption of device functionality. The vulnerability does not require user interaction but does require the attacker to be able to intercept network traffic, which could be achieved in local networks or via compromised routers or ISPs. The lack of a CVSS score indicates this is a newly published vulnerability with no known exploits in the wild yet, but the technical impact is significant given the role of firmware in device security. Aqara Hubs are commonly used in smart home and building automation environments, making this vulnerability a concern for environments relying on these devices for security or operational functions. The absence of patch links suggests that fixes may not yet be available, emphasizing the need for immediate mitigation strategies.
Potential Impact
The impact of CVE-2025-65290 on European organizations could be substantial, particularly for those deploying Aqara Hub devices in smart homes, offices, or critical infrastructure environments. Compromise of these hubs could lead to unauthorized surveillance, data breaches, or disruption of automated systems controlling physical security or environmental controls. The integrity and availability of these devices are at risk, potentially allowing attackers to persist within networks or pivot to other systems. Confidentiality is also threatened if attackers gain access to camera feeds or sensor data. The vulnerability could undermine trust in IoT deployments and increase operational risks. Organizations in sectors such as energy, manufacturing, and government that adopt smart building technologies may face elevated risks. Additionally, the potential for firmware manipulation could facilitate further malware installation or lateral movement within networks, escalating the threat beyond the initial device compromise.
Mitigation Recommendations
To mitigate CVE-2025-65290, organizations should first monitor vendor communications for official firmware updates that address certificate validation. Until patches are available, network segmentation should be implemented to isolate Aqara Hub devices from sensitive network segments. Employing network-level protections such as TLS interception detection, anomaly-based intrusion detection systems, and strict firewall rules can help detect or prevent MitM attempts. Organizations should also audit device configurations and restrict physical and network access to trusted personnel. Where possible, deploying network encryption and VPNs can reduce exposure to interception. Regularly reviewing device logs for unusual firmware update activity or unexpected reboots can aid early detection. Finally, organizations should consider alternative devices with stronger security postures if timely patches are not forthcoming.
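The defect class behind this CVE, shown as an added example (not Aqara firmware code): a TLS client context that skips certificate and hostname checks next to a hardened one, plus an audit helper a reviewer could apply to an update client and an out-of-band digest check as defence in depth. The URL and digest are constructed placeholders.

```python
import hashlib
import ssl
import urllib.request
from typing import Optional

# Constructed placeholders; the real update server and image digests are not on this page.
FIRMWARE_URL = "https://updates.example.invalid/hub/firmware.bin"  # hypothetical
EXPECTED_SHA256 = "0000000000000000000000000000000000000000000000000000000000000000"  # placeholder


def weak_context() -> ssl.SSLContext:
    """Mirrors the defect in CVE-2025-65290: TLS is used, but the server certificate
    and hostname are never verified, so any on-path host presenting its own
    certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Verifies the chain against trusted CAs and checks the hostname. A device
    should ship a minimal CA bundle (ca_bundle) rather than trust every public CA."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """Audit helper: does this context actually authenticate the server?"""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def verify_digest(blob: bytes, expected_hex: str) -> bool:
    """Defence in depth: compare the downloaded image against a digest obtained
    out of band (e.g. from a signed manifest), independent of the transport."""
    return hashlib.sha256(blob).hexdigest() == expected_hex


def fetch_firmware(url: str, expected_hex: str, ctx: ssl.SSLContext) -> bytes:
    """Refuses to download at all unless the context authenticates the server,
    then rejects any image whose digest does not match."""
    if not context_is_safe(ctx):
        raise ValueError("refusing firmware download over unauthenticated TLS")
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        blob = resp.read()
    if not verify_digest(blob, expected_hex):
        raise ValueError("firmware digest mismatch; discarding image")
    return blob
```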
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6939e5605ab76fdc5f2656ef
Added to database: 12/10/2025, 9:25:52 PM
Last enriched: 12/10/2025, 9:41:46 PM
Last updated: 12/11/2025, 6:33:10 AM