CVE-2025-65397

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges if the file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
References
Link Resource
http://blurams.com Product
http://flare.com Broken Link
https://lessonsec.com/cve/cve-2025-65397/ Broken Link
Configurations

Configuration 1

AND
cpe:2.3:o:blurams:dome_flare_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:blurams:dome_flare:-:*:*:*:*:*:*:*

History

17 Jun 2026, 09:55

Type Values Removed Values Added
Summary
  • (es) An insecure authentication mechanism in the safe_exec.sh startup script of the Blurams Flare camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges if the file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.

03 Feb 2026, 18:32

Type Values Removed Values Added
CPE cpe:2.3:o:blurams:dome_flare_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:blurams:dome_flare:-:*:*:*:*:*:*:*
References () http://blurams.com - () http://blurams.com - Product
References () http://flare.com - () http://flare.com - Broken Link
References () https://lessonsec.com/cve/cve-2025-65397/ - () https://lessonsec.com/cve/cve-2025-65397/ - Broken Link
First Time Blurams dome Flare Firmware
Blurams dome Flare
Blurams

21 Jan 2026, 14:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.4
v2 : unknown
v3 : 6.8

14 Jan 2026, 20:16

Type Values Removed Values Added
CWE CWE-20
CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4

14 Jan 2026, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-14 18:16

Updated : 2026-06-17 09:55


NVD link : CVE-2025-65397

Mitre link : CVE-2025-65397

CVE.ORG link : CVE-2025-65397



Products Affected

blurams

  • dome_flare
  • dome_flare_firmware
CWE
CWE-20

Improper Input Validation

CWE-287

Improper Authentication