CVE-2025-65397
MEDIUM EPSS 22.9%
Published Jan 14, 2026 (5mo ago) · Modified Jun 17, 2026 (2w ago)
6.8 CVSS 3.1
Description
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
22.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-20 Improper Input Validation
CWE-287 Improper Authentication
Affected Products 2
References 3
- blurams.com http://blurams.com
- flare.com http://flare.com
- lessonsec.com https://lessonsec.com/cve/cve-2025-65397/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.