CVE-2025-65397: n/a
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
AI Analysis
Technical Summary
CVE-2025-65397 identifies a critical vulnerability in the Blurams Flare Camera's startup script safe_exec.sh, affecting firmware version 24.1114.151.929 and earlier. The vulnerability stems from an insecure authentication mechanism that fails to properly verify the authenticity of configuration files during device startup. Specifically, if the file /opt/images/public_key.der is missing from the device's filesystem, the script does not enforce secure authentication. An attacker with physical access can exploit this by inserting a maliciously crafted auth.ini file onto the device's SD card. Upon device boot, the startup script processes this file without proper validation, allowing arbitrary command execution with root privileges. This can lead to full system compromise, enabling the attacker to manipulate device functions, access sensitive video streams, or pivot into connected networks. The vulnerability does not require network access or user interaction beyond physical access, making it particularly dangerous in environments with limited physical security controls. No patches or firmware updates are currently linked, and no known exploits have been reported in the wild as of the publication date. The lack of a CVSS score necessitates a severity assessment based on impact and exploitability factors.
Potential Impact
For European organizations, this vulnerability presents a significant threat to the confidentiality, integrity, and availability of surveillance systems relying on Blurams Flare Cameras. Unauthorized root access can lead to manipulation or disabling of security cameras, loss of critical video evidence, and potential exposure of sensitive surveillance data. This could compromise physical security monitoring in corporate, governmental, and critical infrastructure environments. The ability to execute arbitrary commands also opens avenues for lateral movement within internal networks if the camera is connected to broader systems. The requirement for physical access limits remote exploitation but raises concerns in locations with public or semi-public access to devices, such as retail stores, transportation hubs, or outdoor surveillance. The absence of known exploits suggests the threat is currently theoretical but could be weaponized by attackers targeting high-value assets. The impact is amplified in sectors where surveillance integrity is paramount, including law enforcement, public safety, and private security firms.
Mitigation Recommendations
1. Immediately verify the presence of the /opt/images/public_key.der file on all Blurams Flare Cameras and restore it if missing.
2. Restrict physical access to devices by deploying them in secured enclosures or monitored areas to prevent unauthorized SD card insertion.
3. Implement strict physical security policies and regular inspections to detect tampering.
4. Monitor device logs for unusual startup behavior or configuration changes indicative of exploitation attempts.
5. Coordinate with Blurams for firmware updates or patches addressing this vulnerability and apply them promptly once available.
6. Consider network segmentation to isolate cameras from critical infrastructure to limit lateral movement in case of compromise.
7. Educate security personnel about the risks of physical access attacks and incorporate this vulnerability into incident response plans.
8. If possible, disable unused interfaces or ports that could facilitate physical access to the device's storage media.
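A triage check for mitigation step 1, as an added example that is not Blurams code or part of the original advisory: it reports whether the key file named in the CVE description is present and whether an auth.ini sits on the SD card. The ROOTFS and SDCARD mount points, the verdict labels, and treating an empty or non-DER key like a missing one are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): triage of the two preconditions named in
# the CVE-2025-65397 description. Usage: script ROOTFS SDCARD (assumed mounts).

KEY_REL="opt/images/public_key.der"   # key path from the advisory
CFG_NAME="auth.ini"                   # trigger file name from the advisory

# Print the state of the verification key under rootfs "$1".
key_state() {
    key="$1/$KEY_REL"
    if [ ! -e "$key" ] && [ ! -L "$key" ]; then echo MISSING; return; fi
    # A symlink or directory at this path is not a trustworthy key file.
    if [ -L "$key" ] || [ ! -f "$key" ]; then echo NOT_REGULAR; return; fi
    if [ ! -s "$key" ]; then echo EMPTY; return; fi
    # A DER public key is an ASN.1 SEQUENCE, so its first byte is 0x30.
    first=$(od -An -tx1 -N1 "$key" | tr -d ' \n')
    if [ "$first" != "30" ]; then echo NOT_DER; return; fi
    echo PRESENT
}

# Print every auth.ini on SD card "$1" (case-insensitive, for FAT cards).
sd_hits() {
    find "$1" -type f -iname "$CFG_NAME" 2>/dev/null || true
}

# Combine both checks into one verdict for rootfs "$1" and SD card "$2".
assess() {
    kstate=$(key_state "$1")
    hits=$(sd_hits "$2")
    if [ "$kstate" = PRESENT ]; then
        # Key is in place; an auth.ini on the card still deserves a look.
        if [ -n "$hits" ]; then echo "REVIEW key=$kstate"; else echo "OK key=$kstate"; fi
    elif [ -n "$hits" ]; then
        # Assumption: an unusable key is as bad as a missing one. With the
        # trigger file also on the card, preserve the card for analysis.
        echo "SUSPECT key=$kstate"
    else
        echo "EXPOSED key=$kstate"
    fi
}

if [ "$#" -eq 2 ]; then assess "$1" "$2"; fi
```

Run it against an extracted firmware image or a mounted device filesystem; `EXPOSED` means the precondition from the description holds, and `SUSPECT` means the trigger file is also present.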
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6967d378d0ff220b95084e5d
Added to database: 1/14/2026, 5:33:44 PM
Last enriched: 1/14/2026, 5:48:21 PM
Last updated: 1/14/2026, 7:17:01 PM