
CVE-2025-65291: n/a

Published: Wed Dec 10 2025 (12/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

AI-Powered Analysis

AI analysis last updated: 12/10/2025, 21:41:26 UTC

Technical Analysis

CVE-2025-65291 identifies a critical security vulnerability in Aqara Hub devices, specifically the Hub M2 (version 4.3.6_0027), Hub M3 (version 4.3.6_0025), and Camera Hub G3 (version 4.1.9_0027). These devices fail to properly validate TLS server certificates during communications related to discovery services and CoAP (Constrained Application Protocol) gateway interactions. TLS certificate validation is the mechanism by which a client confirms it is talking to the genuine server rather than an impostor, and it is the primary protection against man-in-the-middle (MitM) attacks. When validation is absent or incorrectly implemented, an attacker positioned on the network path can intercept, modify, or inject commands and data exchanged between the hub and its backend services.

The consequences include unauthorized control over the smart home devices connected to the hub, exposure of sensitive monitoring data such as video feeds or sensor readings, and disruption of normal device operation. Because the flaw sits in the core communication protocols the hubs rely on, it increases the attack surface. No exploits in the wild had been reported as of the publication date, but the nature of the flaw makes it a significant risk. No CVSS score has been assigned, so severity requires expert assessment.

Exploitation does not require user interaction, but it does require the attacker to have network access on the communication path, for example through a compromised local network or a malicious Wi-Fi hotspot. The affected Aqara devices are widely used in smart home environments, which are increasingly integrated into both enterprise and residential settings, raising privacy and operational security concerns.

Potential Impact

For European organizations, this vulnerability puts the confidentiality, integrity, and availability of smart home and IoT device communications at risk. Organizations using Aqara hubs for building automation, security monitoring, or environmental controls could face unauthorized access to or control of these systems. This could lead to privacy breaches through interception of camera feeds or sensor data, manipulation of device states causing operational disruptions, or use of compromised devices as pivot points for broader network attacks. The impact is particularly relevant for enterprises with smart office environments or managed residential properties.

The vulnerability undermines trust in IoT device security and could have regulatory implications under GDPR if personal data is exposed. Because a MitM attack here needs no user interaction, exploitation can be stealthy. With no patches available at the time of disclosure, organizations must rely on network-level mitigations to reduce exposure. The threat also highlights the importance of secure IoT device management and network architecture in European contexts where smart home adoption is growing rapidly.

Mitigation Recommendations

1. Apply vendor-provided patches or firmware updates as soon as they become available to ensure proper TLS certificate validation is enforced.
2. Segment IoT devices and Aqara hubs on dedicated network segments or VLANs to limit exposure to untrusted networks and reduce the attack surface.
3. Implement network monitoring and anomaly detection focused on unusual CoAP or discovery service traffic patterns that could indicate MitM attempts.
4. Use network-level TLS inspection and certificate pinning where possible to detect invalid certificates during communications.
5. Restrict physical and wireless network access to prevent attackers from positioning themselves on the communication path.
6. Educate users and administrators about the risks of connecting IoT devices to unsecured or public networks.
7. Consider deploying additional endpoint security controls on devices interacting with Aqara hubs to detect suspicious activity.
8. Maintain an inventory of IoT devices and monitor firmware versions to prioritize remediation efforts.
9. Engage with Aqara support channels to receive timely vulnerability notifications and mitigation guidance.
10. Evaluate alternative devices or vendors with stronger security postures if timely patching is not feasible.
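The technical analysis above describes a TLS client that does not validate the server's certificate, and mitigation 4 mentions certificate pinning. The Go program below is an added example written for this page; it is not Aqara firmware and not code from the advisory. It builds two self-signed certificates for a constructed backend name (`gateway.example`, an assumption standing in for a discovery or CoAP gateway endpoint), serves each from a loopback TLS listener that plays the role of whoever sits on the network path, and runs a client handshake in two configurations: one with `InsecureSkipVerify`, which mirrors the class of defect described, and one that pins the expected trust anchor in `RootCAs` and sets `ServerName`. The second certificate carries the correct hostname, which is exactly what a client that skips chain validation cannot tell apart from the genuine one. The same harness is the kind of regression test a firmware team can keep in CI so that validation being switched off is caught before release.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// backendName is a constructed hostname standing in for a discovery or CoAP gateway endpoint.
const backendName = "gateway.example"

// check aborts the demo on setup failures that are not part of what it measures.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// selfSignedCert builds an in-memory certificate for name; only the client's trust store decides whether it is genuine.
func selfSignedCert(name string) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// insecureClient mirrors the class of defect in the advisory: any server certificate is accepted.
func insecureClient() *tls.Config {
	return &tls.Config{ServerName: backendName, InsecureSkipVerify: true}
}

// hardenedClient pins the expected trust anchor and names the host it expects to talk to.
func hardenedClient(roots *x509.CertPool) *tls.Config {
	return &tls.Config{ServerName: backendName, RootCAs: roots, MinVersion: tls.VersionTLS12}
}

// handshake serves cert on a loopback listener and runs one client handshake with cfg; nil means the client accepted the server.
func handshake(cert tls.Certificate, cfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	srv := &tls.Config{Certificates: []tls.Certificate{cert}}
	go func() {
		if c, err := ln.Accept(); err == nil {
			defer c.Close()
			_ = tls.Server(c, srv).Handshake() // the server's view is not what is measured
		}
	}()
	raw, err := net.DialTimeout("tcp", ln.Addr().String(), 5*time.Second)
	check(err)
	defer raw.Close()
	_ = raw.SetDeadline(time.Now().Add(5 * time.Second))
	return tls.Client(raw, cfg).Handshake()
}

// Verdict records how each client configuration treated each certificate.
type Verdict struct {
	InsecureAcceptsAttacker bool // the defect: an untrusted certificate is accepted
	HardenedRejectsAttacker bool // the fix: rejected with an unknown-authority error
	HardenedAcceptsLegit    bool // sanity check: pinning still admits the real backend
}

// RunDemo runs both client configurations against a trusted certificate and an untrusted one with the same name.
func RunDemo() Verdict {
	legit := selfSignedCert(backendName)
	attacker := selfSignedCert(backendName) // constructed: same hostname, not in the client's trust store
	roots := x509.NewCertPool()
	roots.AddCert(legit.Leaf)
	var unknownCA x509.UnknownAuthorityError
	return Verdict{
		InsecureAcceptsAttacker: handshake(attacker, insecureClient()) == nil,
		HardenedRejectsAttacker: errors.As(handshake(attacker, hardenedClient(roots)), &unknownCA),
		HardenedAcceptsLegit:    handshake(legit, hardenedClient(roots)) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", RunDemo())
}
```

Running it with `go run` prints a verdict in which only the pinned client distinguishes the two certificates. Pinning a private trust anchor, as the hardened configuration does, is what mitigation 4 refers to; in a shipped product it has to be paired with a rotation plan, since a pinned anchor that expires without an update path turns into an availability problem.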


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6939e5605ab76fdc5f2656f2

Added to database: 12/10/2025, 9:25:52 PM

Last enriched: 12/10/2025, 9:41:26 PM

Last updated: 12/11/2025, 3:52:35 AM

Views: 15

