Vulnerability Details CVE-2025-30199
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.3%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2025-30199
-
cpe:2.3:h:ecovacs:deebot_t10:-
-
cpe:2.3:h:ecovacs:deebot_t10_omni:-
-
cpe:2.3:h:ecovacs:deebot_t10_plus:-
-
cpe:2.3:h:ecovacs:deebot_t10_turbo:-
-
cpe:2.3:h:ecovacs:deebot_t20_omni:-
-
cpe:2.3:h:ecovacs:deebot_t20_pro:-
-
cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-
-
cpe:2.3:h:ecovacs:deebot_t30_omni:-
-
cpe:2.3:h:ecovacs:deebot_t30s:-
-
cpe:2.3:h:ecovacs:deebot_x1_omni:-
-
cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-
-
cpe:2.3:h:ecovacs:deebot_x1_turbo:-
-
cpe:2.3:h:ecovacs:deebot_x1s_pro:-
-
cpe:2.3:o:ecovacs:deebot_t10_firmware:-
-
cpe:2.3:o:ecovacs:deebot_t10_firmware:1.7.5
-
cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:1.9.0
-
cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:1.7.5
-
cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:1.10.0
-
cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:*
-
cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:*
-
cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:*
-
cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:1.93.0
-
cpe:2.3:o:ecovacs:deebot_t30s_firmware:1.95.0
-
cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:2.4.41
-
cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:2.4.41
-
cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:2.4.41
-
cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*
-
cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:2.4.45
-
cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:2.5.31