CVE-2025-30198

LOW EPSS 10.3%
Published Sep 5, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)
2.3 CVSS 4.0
Low

Description

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

CVSS Details

Base Score: 2.3
Vector string: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
10.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-321
CWE-798 Use of Hard-coded Credentials (Authentication)

Affected Products 30

Vendor   Product                       Version  Range
ecovacs  deebot_x1s_pro_firmware       *        <2.5.38
ecovacs  deebot_x1s_pro                *        any
ecovacs  deebot_x1_pro_omni_firmware   *        <2.5.38
ecovacs  deebot_x1_pro_omni            *        any
ecovacs  deebot_x1_omni_firmware       *        <2.4.45
ecovacs  deebot_x1_omni                *        any
ecovacs  deebot_x1s_pro_firmware       *        <2.4.45
ecovacs  deebot_x1s_pro                *        any
ecovacs  deebot_x1_turbo_firmware      *        <2.5.38
ecovacs  deebot_x1_turbo               *        any
ecovacs  deebot_x1s_pro_firmware       *        <2.4.45
ecovacs  deebot_x1s_pro                *        any
ecovacs  deebot_t10_firmware           *        <1.11.0
ecovacs  deebot_t10                    *        any
ecovacs  deebot_t10_omni_firmware      *        <1.11.0
ecovacs  deebot_t10_omni               *        any
ecovacs  deebot_t10_plus_firmware      *        <1.11.0
ecovacs  deebot_t10_plus               *        any
ecovacs  deebot_t10_turbo_firmware     *        <1.11.0
ecovacs  deebot_t10_turbo              *        any
ecovacs  deebot_t20_omni_firmware      *        <1.25.0
ecovacs  deebot_t20_omni               *        any
ecovacs  deebot_t20_pro_plus_firmware  *        <1.25.0
ecovacs  deebot_t20_pro_plus           *        any
ecovacs  deebot_t20_pro_firmware       *        <1.25.0
ecovacs  deebot_t20_pro                *        any
ecovacs  deebot_t30_omni_firmware      *        <1.100.0
ecovacs  deebot_t30_omni               *        any
ecovacs  deebot_t30s_firmware          *        <1.100.0
ecovacs  deebot_t30s                   *        any

References 3

  • github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19
    Third Party Advisory
  • cve.org https://www.cve.org/CVERecord?id=CVE-2025-30198
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.