CVE-2025-30199

Summary

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

Affected Software

VendorProductVersion RangeStatus
ECOVACSDEEBOT X1 Series*affected
ECOVACSDEEBOT T20 Series*affected
ECOVACSDEEBOT T10 Series*affected
ECOVACSDEEBOT T30 Series*affected

Weaknesses

  • CWE-494: CWE-494 Download of Code Without Integrity Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References