
CVE-2025-65293: n/a

Published: Wed Dec 10 2025 (12/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.

AI-Powered Analysis

Last updated: 12/10/2025, 21:55:48 UTC

Technical Analysis

CVE-2025-65293 affects the Aqara Camera Hub G3 running firmware version 4.1.9_0027. It is a command injection flaw that allows attackers to execute arbitrary commands with root privileges by leveraging malicious QR codes during the device's setup or factory reset process. The attack vector requires the victim to scan a specially crafted QR code, which injects commands that the device executes in the root user's context. This bypasses any authentication mechanisms, since the setup and reset phases inherently trust the QR code input. Root-level command execution means an attacker can fully control the device, manipulate its firmware, access stored data, or pivot to other networked systems. No CVSS score is currently assigned, and no public exploits have been reported yet. However, the vulnerability is critical due to the high privilege level and ease of exploitation. The lack of patch links suggests that a fix is pending or not yet publicly released. The vulnerability highlights the risk in IoT device onboarding processes where external inputs such as QR codes are not properly sanitized or validated, leading to injection attacks.

Potential Impact

For European organizations, the impact of this vulnerability is significant, especially for those deploying Aqara Camera Hub G3 devices in smart home, office, or industrial IoT environments. Successful exploitation can lead to full device compromise, enabling attackers to intercept video feeds, manipulate device behavior, or use the device as a foothold for lateral movement within corporate or residential networks. This threatens confidentiality by exposing sensitive video and network information, integrity by allowing unauthorized command execution, and availability by potentially disabling or bricking devices. The root-level access amplifies the risk of persistent backdoors or malware installation. Given the increasing adoption of IoT devices in Europe, this vulnerability could disrupt operations, violate privacy regulations such as GDPR, and damage organizational reputation. The lack of known exploits currently provides a window for proactive mitigation before widespread attacks occur.

Mitigation Recommendations

1. Immediately restrict physical access to Aqara Camera Hub G3 devices during setup and factory reset phases to prevent scanning of malicious QR codes by unauthorized individuals.
2. Monitor network traffic for unusual command execution patterns or unexpected outbound connections from these devices.
3. Implement network segmentation to isolate IoT devices from critical infrastructure and sensitive data networks.
4. Apply firmware updates from Aqara as soon as they become available to patch the vulnerability.
5. If updates are not yet available, consider temporarily disabling or removing vulnerable devices from sensitive environments.
6. Educate users and administrators about the risks of scanning untrusted QR codes during device setup.
7. Employ endpoint detection and response (EDR) tools capable of detecting anomalous command execution on IoT devices.
8. Collaborate with vendors to obtain timely vulnerability disclosures and patches.
9. Review and harden device onboarding procedures to validate and sanitize all inputs, including QR codes.
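Recommendation 9 sketched as an added example (not Aqara's code and not taken from the CVE record): an onboarding handler that validates every scanned field against an allowlist and hands values to a helper as single argv elements, so no shell parses them. The query-string payload layout, the `ssid`/`psk`/`region` keys, the region list and the `wifi-join` helper are all hypothetical, since the page does not describe the real QR format.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical onboarding fields; the real QR format is not described on this page.
ALLOWED_REGIONS = {"EU", "US", "CN"}
PSK_RE = re.compile(r"[\x20-\x7e]{8,63}")  # WPA2 passphrase: 8-63 printable ASCII


class QRFieldError(ValueError):
    """Raised when a scanned field fails validation."""


def parse_onboarding_qr(payload: str) -> dict:
    """Parse and validate a scanned payload; reject anything unexpected."""
    if len(payload) > 256:
        raise QRFieldError("payload too long")
    pairs = parse_qsl(payload, keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    if len(fields) != len(pairs) or set(fields) != {"ssid", "psk", "region"}:
        raise QRFieldError("unexpected, missing or duplicate keys")
    ssid = fields["ssid"]
    if not 1 <= len(ssid.encode("utf-8")) <= 32:  # 802.11 SSID: 1-32 octets
        raise QRFieldError("ssid length")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in ssid):
        raise QRFieldError("control character in ssid")
    if not PSK_RE.fullmatch(fields["psk"]):
        raise QRFieldError("psk format")
    if fields["region"] not in ALLOWED_REGIONS:
        raise QRFieldError("region not allowed")
    return fields


def build_join_argv(fields: dict) -> list:
    """Return an argument vector for the hypothetical `wifi-join` helper.

    Intended for subprocess.run(argv) with the default shell=False, so shell
    metacharacters in a value stay literal. The --opt=value form keeps a value
    that starts with '-' from being read as a separate option.
    """
    return ["wifi-join", f"--ssid={fields['ssid']}",
            f"--psk={fields['psk']}", f"--region={fields['region']}"]
```

An SSID may legitimately contain characters such as `$` or `(`, so the example does not strip them; it relies on the argument vector to keep them inert and rejects only what the field definition forbids.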


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6939e8d65ab76fdc5f28af14

Added to database: 12/10/2025, 9:40:38 PM

Last enriched: 12/10/2025, 9:55:48 PM

Last updated: 12/11/2025, 3:52:36 AM
