Vulnerability Description
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by shorting a data pin of the IC to ground, which induces a read error from the SPI flash memory during boot. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information, including cryptographic keys and user configurations.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blurams | Dome Flare Firmware | <= 24.1114.151.929 |
| Blurams | Dome Flare | - |
Related Weaknesses (CWE)
References
- http://blurams.com (Product)
- http://flare.com (Not Applicable)
- https://lessonsec.com/cve/cve-2025-65396/ (Broken Link)
FAQ
What is CVE-2025-65396?
CVE-2025-65396 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the ...
How severe is CVE-2025-65396?
CVE-2025-65396 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-65396?
Check the references section above for vendor advisories and patch information. Affected products include: Blurams Dome Flare Firmware, Blurams Dome Flare.