ByteOS Network

NVD Vulnerability Details :

CVE-2025-65397

Analyzed

Source-cve@mitre.org

Published At-14 Jan, 2026 | 18:16

Updated At-03 Feb, 2026 | 18:32

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

blurams>>dome_flare_firmware>>Versions up to 24.1114.151.929(inclusive)

cpe:2.3:o:blurams:dome_flare_firmware:*:*:*:*:*:*:*:*

blurams>>dome_flare>>-

cpe:2.3:h:blurams:dome_flare:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-20	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-287	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-20

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-287

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://blurams.com	cve@mitre.org	Product
http://flare.com	cve@mitre.org	Broken Link
https://lessonsec.com/cve/cve-2025-65397/	cve@mitre.org	Broken Link

Hyperlink: http://blurams.com

Source: cve@mitre.org

Resource:

Product

Hyperlink: http://flare.com

Source: cve@mitre.org

Resource:

Broken Link

Hyperlink: https://lessonsec.com/cve/cve-2025-65397/

Source: cve@mitre.org

Resource:

Broken Link

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History