CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json	Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19	Third Party Advisory US Government Resource
https://www.cve.org/CVERecord?id=CVE-2025-30199	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_omni:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1_turbo:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_x1s_pro:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_omni:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_plus:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t10_turbo:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t20_omni:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t20_pro:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t30_omni:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:ecovacs:deebot_t30s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ecovacs:deebot_t30s:-:*:*:*:*:*:*:*

History

23 Sep 2025, 17:11

Type	Values Removed	Values Added
References	~~() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json -~~	() https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json - Third Party Advisory
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 -~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19 - Third Party Advisory, US Government Resource
References	~~() https://www.cve.org/CVERecord?id=CVE-2025-30199 -~~	() https://www.cve.org/CVERecord?id=CVE-2025-30199 - Third Party Advisory
First Time		Ecovacs deebot T20 Omni Ecovacs deebot T10 Turbo Firmware Ecovacs deebot X1 Omni Firmware Ecovacs deebot T30 Omni Firmware Ecovacs deebot T10 Ecovacs deebot T30s Ecovacs deebot X1 Pro Omni Firmware Ecovacs deebot T10 Firmware Ecovacs deebot X1s Pro Firmware Ecovacs deebot T20 Pro Firmware Ecovacs deebot T10 Turbo Ecovacs deebot X1s Pro Ecovacs deebot X1 Turbo Ecovacs deebot T10 Plus Ecovacs Ecovacs deebot X1 Turbo Firmware Ecovacs deebot T30 Omni Ecovacs deebot T10 Plus Firmware Ecovacs deebot T10 Omni Ecovacs deebot T30s Firmware Ecovacs deebot X1 Pro Omni Ecovacs deebot T20 Omni Firmware Ecovacs deebot T10 Omni Firmware Ecovacs deebot T20 Pro Plus Firmware Ecovacs deebot T20 Pro Plus Ecovacs deebot X1 Omni Ecovacs deebot T20 Pro
CPE		cpe:2.3:h:ecovacs:deebot_t30s:-:::::::* cpe:2.3:o:ecovacs:deebot_t10_plus_firmware:::::::: cpe:2.3:h:ecovacs:deebot_t10_plus:-:::::::* cpe:2.3:o:ecovacs:deebot_x1_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t10_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t30_omni_firmware:::::::: cpe:2.3:h:ecovacs:deebot_x1s_pro:-:::::::* cpe:2.3:h:ecovacs:deebot_t20_pro:-:::::::* cpe:2.3:h:ecovacs:deebot_t20_omni:-:::::::* cpe:2.3:o:ecovacs:deebot_t20_omni_firmware:::::::: cpe:2.3:h:ecovacs:deebot_x1_omni:-:::::::* cpe:2.3:o:ecovacs:deebot_x1_pro_omni_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t30s_firmware:::::::: cpe:2.3:h:ecovacs:deebot_x1_pro_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_t30_omni:-:::::::* cpe:2.3:h:ecovacs:deebot_t20_pro_plus:-:::::::* cpe:2.3:o:ecovacs:deebot_t20_pro_plus_firmware:::::::: cpe:2.3:h:ecovacs:deebot_t10_turbo:-:::::::* cpe:2.3:o:ecovacs:deebot_t10_omni_firmware:::::::: cpe:2.3:h:ecovacs:deebot_t10_omni:-:::::::* cpe:2.3:o:ecovacs:deebot_x1_turbo_firmware:::::::: cpe:2.3:h:ecovacs:deebot_t10:-:::::::* cpe:2.3:o:ecovacs:deebot_t10_turbo_firmware:::::::: cpe:2.3:o:ecovacs:deebot_t20_pro_firmware:::::::: cpe:2.3:o:ecovacs:deebot_x1s_pro_firmware:::::::: cpe:2.3:h:ecovacs:deebot_x1_turbo:-:::::::*

05 Sep 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-05 18:15

Updated : 2025-09-23 17:11

NVD link : CVE-2025-30199

Mitre link : CVE-2025-30199

CVE.ORG link : CVE-2025-30199

JSON object : View

Products Affected

ecovacs

deebot_t20_omni_firmware
deebot_x1s_pro_firmware
deebot_t10_turbo_firmware
deebot_t30_omni
deebot_t10_omni
deebot_t10_firmware
deebot_t20_pro
deebot_t10_plus
deebot_x1_pro_omni
deebot_t10_omni_firmware
deebot_t30s
deebot_x1_turbo_firmware
deebot_t10
deebot_t10_plus_firmware
deebot_t30s_firmware
deebot_x1_omni
deebot_x1s_pro
deebot_x1_pro_omni_firmware
deebot_t20_pro_firmware
deebot_t20_omni
deebot_t20_pro_plus_firmware
deebot_t10_turbo
deebot_x1_omni_firmware
deebot_t20_pro_plus
deebot_x1_turbo
deebot_t30_omni_firmware

CWE

CWE-494

Download of Code Without Integrity Check

7.2 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2025-30199

7.2^/10

Attach tags to `CVE-2025-30199`