CVE-2025-65396 is a vulnerability found in the boot process of Blurams Flare Camera devices with firmware version 24.1114.151.929 and earlier. The flaw arises from the camera's bootloader relying on SPI flash memory reads without sufficient hardware-level protections against fault injection. An attacker with physical proximity can manipulate the hardware by shorting a data pin on the SPI flash IC to ground during the boot sequence, causing a read error. This fault triggers the bootloader to enter a shell accessible via the UART interface, effectively hijacking the boot process. Through this shell, the attacker can extract the entire firmware image, which contains sensitive information such as cryptographic keys used for secure communications and user configuration data. This exposure can lead to further compromise, including unauthorized access to the camera's video streams or network. The attack requires no software-level authentication but does require physical access and hardware manipulation tools. No patches or firmware updates have been released at the time of publication, and no public exploits are known. The vulnerability highlights a critical hardware security oversight in the device's design, specifically the lack of protections against fault injection and secure boot mechanisms. Organizations deploying these cameras in security-sensitive environments face risks of confidentiality breaches and potential downstream attacks leveraging extracted credentials or firmware analysis.

For European organizations, the impact of this vulnerability is significant in scenarios where Blurams Flare Cameras are deployed in sensitive or critical infrastructure environments such as corporate offices, retail, public safety, or industrial sites. The ability to extract cryptographic keys and configurations compromises the confidentiality and integrity of video feeds and device communications. This could lead to unauthorized surveillance, data leakage, or use of the camera as a pivot point for broader network intrusion. The physical access requirement limits the attack surface but does not eliminate risk in environments with shared or poorly controlled physical access. Additionally, firmware disclosure can facilitate development of remote exploits or malware targeting these devices. The absence of patches increases exposure duration. The vulnerability could undermine trust in security monitoring and surveillance systems, potentially affecting compliance with European data protection regulations such as GDPR if personal data is compromised.

Mitigation should focus on preventing physical access to the camera hardware by enforcing strict physical security controls, such as locked enclosures, tamper-evident seals, and surveillance of camera locations. Organizations should conduct hardware inspections to detect any unauthorized modifications or tampering. Until a vendor patch or hardware revision is available, disabling UART interfaces or physically blocking access to UART pins may reduce risk. Network segmentation can limit the impact of compromised cameras by isolating them from critical systems. Monitoring for unusual device behavior or firmware anomalies can provide early detection of exploitation attempts. Engaging with Blurams for firmware updates or hardware revisions that implement secure boot and fault injection protections is critical. Finally, organizations should consider replacing vulnerable devices in high-risk environments with models that have robust hardware security features.