CVE-2025-65396
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hi
CVSS
6.1
Medium
EPSS
0.2%
p8
KEV
—
Exploit Today
2
0-100
Published: Jan 14, 2026 · Last modified: Jul 5, 2026 · CWE-119 · CWE-125 · CWE-1274
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.