CVE-2025-30198 — MEDIUM (6.3)

Q: What is CVE-2025-30198?

CVE-2025-30198 is a vulnerability with a CVSS score of 6.3 (MEDIUM). ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

Q: How severe is CVE-2025-30198?

CVE-2025-30198 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30198?

Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Deebot X1S Pro Firmware, Ecovacs Deebot X1S Pro, Ecovacs Deebot X1 Pro Omni Firmware, Ecovacs Deebot X1 Pro Omni, Ecovacs Deebot X1 Omni Firmware.

Vulnerability Description

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Ecovacs	Deebot X1S Pro Firmware	< 2.5.38
Ecovacs	Deebot X1S Pro	-
Ecovacs	Deebot X1 Pro Omni Firmware	< 2.5.38
Ecovacs	Deebot X1 Pro Omni	-
Ecovacs	Deebot X1 Omni Firmware	< 2.4.45
Ecovacs	Deebot X1 Omni	-
Ecovacs	Deebot X1 Turbo Firmware	< 2.5.38
Ecovacs	Deebot X1 Turbo	-
Ecovacs	Deebot T10 Firmware	< 1.11.0
Ecovacs	Deebot T10	-
Ecovacs	Deebot T10 Omni Firmware	< 1.11.0
Ecovacs	Deebot T10 Omni	-
Ecovacs	Deebot T10 Plus Firmware	< 1.11.0
Ecovacs	Deebot T10 Plus	-
Ecovacs	Deebot T10 Turbo Firmware	< 1.11.0
Ecovacs	Deebot T10 Turbo	-
Ecovacs	Deebot T20 Omni Firmware	< 1.25.0
Ecovacs	Deebot T20 Omni	-
Ecovacs	Deebot T20 Pro Plus Firmware	< 1.25.0
Ecovacs	Deebot T20 Pro Plus	-

Related Weaknesses (CWE)

CWE-321 CWE-798

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-13Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-30198Third Party Advisory

FAQ

What is CVE-2025-30198?

CVE-2025-30198 is a vulnerability with a CVSS score of 6.3 (MEDIUM). ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.

How severe is CVE-2025-30198?

CVE-2025-30198 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30198?

Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Deebot X1S Pro Firmware, Ecovacs Deebot X1S Pro, Ecovacs Deebot X1 Pro Omni Firmware, Ecovacs Deebot X1 Pro Omni, Ecovacs Deebot X1 Omni Firmware.