CVE-2025-30199 — HIGH (7.2)

Q: What is CVE-2025-30199?

CVE-2025-30199 is a vulnerability with a CVSS score of 7.2 (HIGH). ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

Q: How severe is CVE-2025-30199?

CVE-2025-30199 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30199?

Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Deebot X1S Pro Firmware, Ecovacs Deebot X1S Pro, Ecovacs Deebot X1 Pro Omni Firmware, Ecovacs Deebot X1 Pro Omni, Ecovacs Deebot X1 Omni Firmware.

Vulnerability Description

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ecovacs	Deebot X1S Pro Firmware	< 2.5.38
Ecovacs	Deebot X1S Pro	-
Ecovacs	Deebot X1 Pro Omni Firmware	< 2.5.38
Ecovacs	Deebot X1 Pro Omni	-
Ecovacs	Deebot X1 Omni Firmware	< 2.4.45
Ecovacs	Deebot X1 Omni	-
Ecovacs	Deebot X1 Turbo Firmware	< 2.5.38
Ecovacs	Deebot X1 Turbo	-
Ecovacs	Deebot T10 Firmware	< 1.11.0
Ecovacs	Deebot T10	-
Ecovacs	Deebot T10 Omni Firmware	< 1.11.0
Ecovacs	Deebot T10 Omni	-
Ecovacs	Deebot T10 Plus Firmware	< 1.11.0
Ecovacs	Deebot T10 Plus	-
Ecovacs	Deebot T10 Turbo Firmware	< 1.11.0
Ecovacs	Deebot T10 Turbo	-
Ecovacs	Deebot T20 Omni Firmware	< 1.25.0
Ecovacs	Deebot T20 Omni	-
Ecovacs	Deebot T20 Pro Plus Firmware	< 1.25.0
Ecovacs	Deebot T20 Pro Plus	-

Related Weaknesses (CWE)

CWE-494

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-13Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19Third Party AdvisoryUS Government Resource
https://www.cve.org/CVERecord?id=CVE-2025-30199Third Party Advisory

FAQ

What is CVE-2025-30199?

CVE-2025-30199 is a vulnerability with a CVSS score of 7.2 (HIGH). ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

How severe is CVE-2025-30199?

CVE-2025-30199 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30199?

Check the references section above for vendor advisories and patch information. Affected products include: Ecovacs Deebot X1S Pro Firmware, Ecovacs Deebot X1S Pro, Ecovacs Deebot X1 Pro Omni Firmware, Ecovacs Deebot X1 Pro Omni, Ecovacs Deebot X1 Omni Firmware.