CVE-2025-65396 is a vulnerability discovered in the boot process of Blurams Flare Camera devices running firmware version 24.1114.151.929 and earlier. The flaw arises from the device's bootloader handling of SPI flash memory read errors. An attacker with physical proximity can short a data pin on the SPI flash IC to ground, causing a read error during boot. This triggers the device to enter a bootloader shell accessible via the UART interface, which is typically used for debugging and development. Through this shell, the attacker can dump the entire firmware image, which includes sensitive information such as cryptographic keys used for securing communications and user configuration data. The vulnerability is classified under CWEs related to improper handling of memory and input validation (CWE-1274, CWE-119, CWE-125). The CVSS v3.1 base score is 6.1, reflecting medium severity, with attack vector requiring physical access (AV:P), low attack complexity (AC:L), no privileges or user interaction needed, and high impact on confidentiality and integrity but no impact on availability. No patches or firmware updates have been published yet, and no known exploits have been observed in the wild. The attack requires specialized hardware knowledge and physical access, limiting remote exploitation but posing a risk in environments where physical security is weak or devices are deployed in accessible locations.

The primary impact of this vulnerability is the compromise of confidentiality and integrity of the Blurams Flare Camera devices. By gaining access to the bootloader shell, an attacker can extract cryptographic keys and user configurations, potentially allowing them to decrypt communications, impersonate devices, or manipulate device settings. For European organizations relying on these cameras for security monitoring, this could lead to unauthorized surveillance, data leakage, or further network infiltration if the devices are connected to broader systems. The requirement for physical access limits the scope but does not eliminate risk, especially in public or semi-public installations such as retail stores, offices, or critical infrastructure sites. The lack of availability impact means the device continues operating normally post-exploit, potentially allowing prolonged undetected compromise. The absence of known exploits reduces immediate risk but highlights the need for proactive mitigation. Overall, the vulnerability could undermine trust in security infrastructure and expose sensitive operational data.

To mitigate CVE-2025-65396, organizations should implement strict physical security controls to prevent unauthorized access to the devices, including secure mounting locations and tamper-evident enclosures. Hardware-level protections such as disabling or physically blocking UART interfaces or redesigning the PCB to prevent easy shorting of SPI flash pins should be considered. Monitoring for physical tampering and deploying intrusion detection mechanisms can help detect exploitation attempts. Firmware updates from Blurams should be applied promptly once available, ideally incorporating bootloader protections against SPI read errors and unauthorized shell access. Network segmentation of camera devices can limit lateral movement if compromise occurs. Additionally, organizations should review cryptographic key management practices to ensure keys can be rotated or invalidated if exposed. Regular security audits and penetration testing focusing on physical attack vectors will enhance overall resilience.