CVE-2025-30199

HIGH · EPSS 18.4%
Published Sep 5, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)
CVSS 4.0 score: 7.5 (High)

Description

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to the base station via the insecure connection between the robot and the base station.

CVSS Details

Base Score: 7.5
Exploitability
Impact
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability
18.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-494

Affected Products 30

Vendor | Product | Version | Range
ecovacs | deebot_x1s_pro_firmware | * | <2.5.38
ecovacs | deebot_x1s_pro | * | any
ecovacs | deebot_x1_pro_omni_firmware | * | <2.5.38
ecovacs | deebot_x1_pro_omni | * | any
ecovacs | deebot_x1_omni_firmware | * | <2.4.45
ecovacs | deebot_x1_omni | * | any
ecovacs | deebot_x1s_pro_firmware | * | <2.4.45
ecovacs | deebot_x1s_pro | * | any
ecovacs | deebot_x1_turbo_firmware | * | <2.5.38
ecovacs | deebot_x1_turbo | * | any
ecovacs | deebot_x1s_pro_firmware | * | <2.4.45
ecovacs | deebot_x1s_pro | * | any
ecovacs | deebot_t10_firmware | * | <1.11.0
ecovacs | deebot_t10 | * | any
ecovacs | deebot_t10_omni_firmware | * | <1.11.0
ecovacs | deebot_t10_omni | * | any
ecovacs | deebot_t10_plus_firmware | * | <1.11.0
ecovacs | deebot_t10_plus | * | any
ecovacs | deebot_t10_turbo_firmware | * | <1.11.0
ecovacs | deebot_t10_turbo | * | any
ecovacs | deebot_t20_omni_firmware | * | <1.25.0
ecovacs | deebot_t20_omni | * | any
ecovacs | deebot_t20_pro_plus_firmware | * | <1.25.0
ecovacs | deebot_t20_pro_plus | * | any
ecovacs | deebot_t20_pro_firmware | * | <1.25.0
ecovacs | deebot_t20_pro | * | any
ecovacs | deebot_t30_omni_firmware | * | <1.100.0
ecovacs | deebot_t30_omni | * | any
ecovacs | deebot_t30s_firmware | * | <1.100.0
ecovacs | deebot_t30s | * | any

References 3

  • github.com https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19
    Third Party Advisory, US Government Resource
  • cve.org https://www.cve.org/CVERecord?id=CVE-2025-30199
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.