PatchSiren cyber security CVE debrief
CVE-2025-67399 Airth CVE debrief
The AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 has a vulnerability that allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller. This issue has been assigned a CVSS score of 4.6, indicating a medium severity level. The vulnerability exists due to the UART port being open to access, allowing an attacker with physical access to the device to exploit this vulnerability and obtain sensitive information. Organizations and individuals using the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 should be aware of this vulnerability and take necessary precautions to prevent exploitation. Medium priority should be given to patching or mitigating this vulnerability.
- Vendor
- Airth
- Product
- Smart Home AQI Monitor Bootloader
- CVSS
- MEDIUM 4.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-14
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-14
- Advisory updated
- 2026-07-05
Who should care
Organizations and individuals using the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 should be aware of this vulnerability and take necessary precautions to prevent exploitation.
Technical summary
The vulnerability exists in the UART port of the BK7231N controller, which is used in the AIRTH SMART HOME AQI MONITOR Bootloader version 1.005. An attacker with physical access to the device can exploit this vulnerability to obtain sensitive information.
Defensive priority
High priority should be given to patching or mitigating this vulnerability due to the potential for sensitive information disclosure, even though physical access is required.
Recommended defensive actions
- Inventory and assess the vulnerability of AIRTH SMART HOME AQI MONITOR Bootloader version 1.005 devices
- Implement compensating controls to monitor and restrict physical access to the devices
- Apply patches or updates provided by the vendor, if available
- Consider replacing the device with a newer version that is not vulnerable
Evidence notes
The CVE record was published on 2026-01-14T16:15:56.610Z and last modified on 2026-07-05T02:17:35.353Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope of affected deployments or specific exploitation details. Defenders should verify the applicability of this CVE to their environments through additional research and validation tasks.
Official resources
-
CVE-2025-67399 CVE record
CVE.org
-
CVE-2025-67399 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-14T16:15:56.610Z and has not been modified since then. The NVD entry is currently Modified.