CVE-2025-65397: n/a
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
AI Analysis
Technical Summary
CVE-2025-65397 identifies a security vulnerability in the Blurams Flare Camera firmware version 24.1114.151.929 and earlier. The vulnerability stems from an insecure authentication mechanism implemented in the safe_exec.sh startup script. Specifically, if the file /opt/images/public_key.der is absent, the script fails to properly verify the authenticity of configuration files. An attacker with physical access to the device can exploit this by inserting a maliciously crafted auth.ini file onto the device's SD card. Upon device startup, the script processes this file without adequate validation, allowing arbitrary command execution with root privileges. This can lead to full compromise of the device, including unauthorized access to video streams, manipulation of device settings, or pivoting to other networked systems. The vulnerability is categorized under CWE-287 (Improper Authentication) and CWE-20 (Improper Input Validation). The CVSS v3.1 base score is 6.8 (medium severity). The vector specifies a physical attack vector (AV:P), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No patches or exploits are currently documented, but the risk is significant because exploitation yields root-level command execution.
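The fail-open pattern described above, next to a fail-closed gate, as an added example; it is not the vendor's safe_exec.sh, whose contents this page does not show. The function names, the detached .sig file layout and the RSA/SHA-256 signature scheme are assumptions.

```shell
#!/bin/sh
# Illustrative only: NOT the vendor's safe_exec.sh. The function names, the
# detached-signature layout (<file>.sig) and RSA/SHA-256 are assumptions.

# Detached signature check against a DER-encoded public key.
verify_sig() {   # $1 = public key (DER), $2 = signed file
    openssl dgst -sha256 -keyform DER -verify "$1" \
        -signature "$2.sig" "$2" >/dev/null 2>&1
}

# Fail-open gate: a missing key silently disables verification, so any
# file placed on removable media is treated as trusted.
gate_fail_open() {   # $1 = public key, $2 = config file
    if [ ! -f "$1" ]; then
        echo allow
        return 0
    fi
    if verify_sig "$1" "$2"; then echo allow; else echo deny; fi
}

# Fail-closed gate: a missing or empty key, a missing file or signature,
# or any verification error all end in "deny".
gate_fail_closed() { # $1 = public key, $2 = config file
    if [ ! -s "$1" ] || [ ! -f "$2" ] || [ ! -f "$2.sig" ]; then
        echo deny
        return 0
    fi
    if verify_sig "$1" "$2"; then echo allow; else echo deny; fi
}

# Stand-alone use: sh gate.sh /path/to/public_key.der /path/to/auth.ini
if [ "$#" -eq 2 ]; then
    gate_fail_closed "$1" "$2"
fi
```

The only difference between the two gates is what happens when the trust anchor is missing, which is the condition this CVE depends on.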
Potential Impact
For European organizations, this vulnerability poses a significant risk especially in sectors relying on Blurams Flare Cameras for security monitoring, such as retail, manufacturing, healthcare, and critical infrastructure. Successful exploitation can lead to full device compromise, enabling attackers to intercept or manipulate video feeds, disable security monitoring, or use the compromised device as a foothold for lateral movement within internal networks. This can result in breaches of sensitive data, disruption of security operations, and potential physical security risks. The requirement for physical access limits remote exploitation but does not eliminate risk in environments where devices are accessible to unauthorized personnel or where insider threats exist. Additionally, compromised cameras in public or semi-public spaces could be used to undermine privacy and surveillance integrity. The medium severity score reflects the balance between high impact and the physical access requirement.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Verify the presence of the /opt/images/public_key.der file on all Blurams Flare Cameras to ensure proper authentication mechanisms are in place.
2) Restrict physical access to camera devices by deploying them in secure enclosures or monitored locations to prevent unauthorized SD card insertion.
3) Regularly audit and inventory deployed cameras to identify vulnerable firmware versions and affected devices.
4) Engage with the vendor to obtain and apply firmware updates or patches as soon as they become available.
5) Implement physical tamper-evident measures and monitor device integrity to detect unauthorized modifications.
6) Use network segmentation to isolate camera devices from critical systems, limiting potential lateral movement if a device is compromised.
7) Train staff on the risks of physical device tampering and establish protocols for reporting suspicious activity.
These measures go beyond generic advice by focusing on physical security controls and proactive device validation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6967d378d0ff220b95084e5d
Added to database: 1/14/2026, 5:33:44 PM
Last enriched: 1/21/2026, 7:14:07 PM
Last updated: 2/5/2026, 2:51:18 AM