CVE-2025-6031 — Vulnetix

CVE-2025-6031 PUBLISHED CVSS 7.699999809265137 HIGH

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

EPSS 0.21% · 43.9th percentile

Risk Scores

CVSS 4.0

7.699999809265137

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.21%

43.9th percentile

Affected Products

Vendor	Product	Versions
Amazon	Cloud Cam	0

Exploit Intelligence

CIRCL seen: CVE-2025-6031 (circl-sighting)
https://aws.amazon.com/security/security-bulletins/AWS-2025-013/ (circl)

Timeline

Jun 12, 2025 Coalition ESS Score
Jun 12, 2025 CVE Published
Jun 12, 2025 PoC Published
Jun 13, 2025 EPSS Score
Jun 17, 2025 Coalition ESS Score
Jun 23, 2025 EPSS Score
Jul 4, 2025 EPSS Score
Jul 14, 2025 EPSS Score
Jul 25, 2025 EPSS Score
Aug 4, 2025 EPSS Score
Aug 14, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-013/ vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-6031 advisory
https://aws.amazon.com/security/security-bulletins/AWS-2025-013 url

Open in Interactive Console →