CVE-2025-30199

ECOVACS Vacuum and Base Station accept unsigned firmware

Description

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.

INFO

Published Date :

2025-09-05T17:45:07.227Z

Last Modified :

2025-09-08T18:21:06.626Z

Source :

cisa-cg

AFFECTED PRODUCTS

The following products are affected by CVE-2025-30199 vulnerability.

Vendors	Products
Ecovacs	Deebot T10 Deebot T10 Firmware Deebot T10 Omni Deebot T10 Omni Firmware Deebot T10 Plus Deebot T10 Plus Firmware Deebot T10 Turbo Deebot T10 Turbo Firmware Deebot T20 Omni Deebot T20 Omni Firmware Deebot T20 Pro Deebot T20 Pro Firmware Deebot T20 Pro Plus Deebot T20 Pro Plus Firmware Deebot T30 Omni Deebot T30 Omni Firmware Deebot T30s Deebot T30s Firmware Deebot X1 Omni Deebot X1 Omni Firmware Deebot X1 Pro Omni Deebot X1 Pro Omni Firmware Deebot X1 Turbo Deebot X1 Turbo Firmware Deebot X1s Pro Deebot X1s Pro Firmware

Vendors

Products

Ecovacs

Deebot T10
Deebot T10 Firmware
Deebot T10 Omni
Deebot T10 Omni Firmware
Deebot T10 Plus
Deebot T10 Plus Firmware
Deebot T10 Turbo
Deebot T10 Turbo Firmware
Deebot T20 Omni
Deebot T20 Omni Firmware
Deebot T20 Pro
Deebot T20 Pro Firmware
Deebot T20 Pro Plus
Deebot T20 Pro Plus Firmware
Deebot T30 Omni
Deebot T30 Omni Firmware
Deebot T30s
Deebot T30s Firmware
Deebot X1 Omni
Deebot X1 Omni Firmware
Deebot X1 Pro Omni
Deebot X1 Pro Omni Firmware
Deebot X1 Turbo
Deebot X1 Turbo Firmware
Deebot X1s Pro
Deebot X1s Pro Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30199.

URL	Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-135-19.json
https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-19
https://www.cve.org/CVERecord?id=CVE-2025-30199

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact