ByteOS Network

CVE Vulnerability Details :

CVE-2025-6031

PUBLISHED

More Info Official Page

Assigner-AMZN

Assigner Org ID-ff89ba41-3aa1-4d27-914a-91399e9639e5

Published At-12 Jun, 2025 | 19:29

Updated At-12 Jun, 2025 | 20:01

▼CVE Numbering Authority (CNA)

Insecure device pairing in end of life Amazon Cloud Cam

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

Affected Products

Vendor

Amazon

Product

Cloud Cam

Default Status

unaffected

Versions

Affected

From 0 through * (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-672	CWE-672 Operation on a Resource after Expiration or Release

Metrics

Version	Base score	Base severity	Vector
4.0	7.7	HIGH	CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.1	7.5	HIGH	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impacts

CAPEC ID	Description
CAPEC-598	CAPEC-598 DNS Spoofing

References

Hyperlink	Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-013/	vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References