CVE-2025-65296: n/a
NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.
AI Analysis
Technical Summary
CVE-2025-65296 is a NULL-pointer dereference (CWE-476) in the JSON processing of Aqara Hub M2 (firmware 4.3.6_0027), Hub M3 (4.3.6_0025), and Camera Hub G3 (4.1.9_0027). When a device parses a malformed JSON message, a pointer that the parser left NULL is dereferenced, the handling process crashes, and the hub becomes unresponsive or reboots. The effect is denial of service only; confidentiality and integrity are not affected. The CVE record does not name the listening service, port, or message field involved, only that the trigger is malformed JSON reaching the device's JSON handling. No authentication or user interaction is needed, but the CVSS v3.1 vector used in this analysis, AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (base score 6.5, medium), has Attack Vector Adjacent: the attacker must already be on the same local network segment as the hub, not anywhere on the Internet. Note that the published CVE record itself carries no CVSS version (see Technical Details below), so the 6.5 score is this analysis's own assessment rather than a score carried by the record. No patches or public exploits are known at the time of writing. Because these hubs are the control point for smart home automation and, on the Camera Hub G3, surveillance, a crash that can be triggered at will can be repeated to cause outages or service interruptions in environments that rely on Aqara devices for automation or security monitoring.
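The CVE record gives only the vulnerability class, so the following is an added illustration of the CWE-476 pattern it describes and not Aqara's code. A hypothetical minimal JSON string lookup, json_get_string, returns NULL when the requested key is absent, has a non-string value, or the message is truncated; handle_request_unsafe uses that result directly and dies on such input, while handle_request_safe rejects it with an error return. The field name "cmd", the sample messages, and the 64-byte length bound are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal flat-object lookup (hypothetical; Aqara's parser and message
 * format are not described in the CVE record). Finds "key":"value" in a
 * JSON text and returns a heap copy of the value, or NULL when the key is
 * absent, the value is not a string, or the input is truncated. String
 * escapes are not handled; that is not needed to show the pattern. */
static char *json_get_string(const char *json, const char *key)
{
    if (json == NULL || key == NULL) return NULL;
    size_t klen = strlen(key);
    const char *p = json;
    while ((p = strchr(p, '"')) != NULL) {
        const char *kend = strchr(p + 1, '"');
        if (kend == NULL) return NULL;                      /* unterminated key */
        if ((size_t)(kend - (p + 1)) == klen && memcmp(p + 1, key, klen) == 0) {
            const char *q = kend + 1;
            while (*q == ' ' || *q == '\t') q++;
            if (*q != ':') { p = kend + 1; continue; }     /* a value, not a key */
            q++;
            while (*q == ' ' || *q == '\t') q++;
            if (*q != '"') return NULL;                     /* value is not a string */
            const char *vend = strchr(q + 1, '"');
            if (vend == NULL) return NULL;                  /* unterminated value */
            size_t vlen = (size_t)(vend - (q + 1));
            char *out = malloc(vlen + 1);
            if (out == NULL) return NULL;
            memcpy(out, q + 1, vlen);
            out[vlen] = '\0';
            return out;
        }
        p = kend + 1;
    }
    return NULL;                                            /* key absent */
}

/* CWE-476 pattern: the lookup result is used without a NULL check. A
 * message with no "cmd" string field makes strlen() dereference NULL and
 * the handling process crashes, which is the DoS the advisory describes. */
static int handle_request_unsafe(const char *json)
{
    char *cmd = json_get_string(json, "cmd");
    int rc = (int)strlen(cmd);          /* NULL dereference when cmd is absent */
    free(cmd);
    return rc;
}

/* Hardened form: treat every pointer the parser hands back as optional.
 * A missing, mistyped, truncated, or oversized field is rejected with -1
 * instead of taking the process down. */
static int handle_request_safe(const char *json)
{
    char *cmd = json_get_string(json, "cmd");
    if (cmd == NULL) return -1;                             /* reject, do not crash */
    size_t n = strlen(cmd);
    if (n == 0 || n > 64) { free(cmd); return -1; }         /* assumed length bound */
    free(cmd);
    return (int)n;
}

/* Constructed sample messages for the example, not captured from a device. */
static const char *SAMPLES[] = {
    "{\"cmd\":\"get_state\",\"id\":7}",  /* well-formed: returns 9 */
    "{\"id\":7}",                        /* key missing */
    "{\"cmd\":42}",                      /* wrong type */
    "{\"cmd\":\"get_st",                 /* truncated message */
    "",                                  /* empty message */
};

int main(void)
{
    /* Only the hardened handler is run over the malformed samples; the
     * unsafe one would terminate the program on all but the first. */
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-34s -> %d\n", SAMPLES[i], handle_request_safe(SAMPLES[i]));
    return 0;
}
```

Feeding truncated and type-confused messages like the constructed samples through the handler is the practical check: the only acceptable outcome for malformed input is an error return, never a crash. The same discipline applies to every pointer a real JSON library returns for an optional field.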
Potential Impact
For European organizations, the primary impact of CVE-2025-65296 is loss of availability of Aqara hubs and the Camera Hub G3, which can disrupt the IoT-based automation, security monitoring, and building management that depend on them. Affected environments include smart buildings, corporate offices, healthcare facilities, and residential complexes that use Aqara hubs for automation or surveillance; a crashed or rebooting hub means missed automations, gaps in camera coverage, and reduced situational awareness. Confidentiality and integrity are not affected, but the loss of availability can still matter for business continuity and safety monitoring. Exploitation requires a position on the hub's own network segment, so the realistic threat is an insider or a compromised device (a workstation, phone, or another IoT device) sharing that segment rather than an Internet-based attacker. With no public exploit known the immediate risk is moderate, but the low attack complexity and the absence of any authentication make proactive mitigation worthwhile.
Mitigation Recommendations
1. Monitor Aqara vendor communications for firmware updates that address this vulnerability and apply them promptly once available; no patch is listed in the CVE record at the time of writing.
2. Segment the network so that Aqara hubs sit on a dedicated IoT VLAN, separate from workstations, servers, and guest clients. Because the attack vector is adjacent network, segmentation directly removes most of the attacker population that could reach the hubs.
3. Restrict access to the hubs to the controller or management hosts that legitimately talk to them, using firewall rules or ACLs at the VLAN boundary. A filter on a router does not protect against a host on the same segment, which is why step 2 matters.
4. Deploy IDS/IPS or flow monitoring on the IoT segments. The CVE record does not name the affected service or port, so a precise signature for the malformed JSON is not available; watch instead for unexpected hosts connecting to the hubs and for bursts of connections preceding hub restarts.
5. Audit hub configurations and network traffic regularly, and treat repeated unexplained hub reboots or unresponsiveness as a possible exploitation indicator.
6. Disable unnecessary network services or interfaces on the hubs to reduce the reachable JSON-handling surface.
7. Brief IT and security teams on this vulnerability so that a hub outage is triaged as a potential security event and not only as a hardware fault.
8. Keep the asset inventory current, including firmware versions, so the affected models and versions can be identified quickly when a fix ships.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6939efe25ab76fdc5f31bfaf
Added to database: 12/10/2025, 10:10:42 PM
Last enriched: 12/17/2025, 11:14:15 PM
Last updated: 2/7/2026, 8:28:57 AM
Related Threats
- CVE-2026-2078: Improper Authorization in yeqifu warehouse (Medium)
- CVE-2026-25533: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') in agentfront enclave (Medium)
- CVE-2026-25123: CWE-918: Server-Side Request Forgery (SSRF) in homarr-labs homarr (Medium)
- CVE-2025-68621: CWE-208: Observable Timing Discrepancy in TriliumNext Trilium (High)
- CVE-2026-2074: XML External Entity Reference in O2OA (Medium)