CVE Catalog

CVE-2025-65397

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile - higher than 21% of all known CVEs

Summary

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to execute arbitrary commands with root privileges if the file /opt/images/public_key.der is missing. The vulnerability is triggered by providing a maliciously crafted auth.ini file on the device's SD card.

Risk Assessment

The organization risks complete compromise of the camera by an attacker with physical access, potentially leading to breach of monitored area confidentiality and use of the device as an entry point into the internal network.

Recommendation

Immediately update the camera firmware to the latest available version and secure physical access to the devices. Additionally, remove or protect the SD card from unauthorized use.

Original NVD description (English source)

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS