PatchSiren cyber security CVE debrief
CVE-2025-6521 TrendMakers CVE debrief
CVE-2025-6521 is a high-severity information disclosure issue in TrendMakers Sight Bulb Pro firmware. During initial setup, the device broadcasts an access point and passes AES encryption keys in cleartext during negotiation, which could let an attacker decrypt communications between the management app and the bulb, including sensitive data such as network credentials.
- Vendor: TrendMakers
- Product: Sight Bulb Pro Firmware ZJ_CG32-2201
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-06-26
- Original CVE updated: 2025-06-26
- Advisory published: 2025-06-26
- Advisory updated: 2025-06-26
Who should care
Organizations and users deploying TrendMakers Sight Bulb Pro firmware ZJ_CG32-2201 version 8.57.83 or earlier should care, especially anyone performing first-time setup, managing multiple devices, or operating on networks where captured setup traffic could expose credentials.
Technical summary
According to the CISA CSAF advisory for CVE-2025-6521, the Sight Bulb Pro exposes AES encryption keys in cleartext during the device’s initial setup process while the bulb is acting as an access point. If those keys are captured, an attacker may be able to decrypt communications between the management app and the device, potentially revealing network credentials and other sensitive setup data. The affected product is TrendMakers Sight Bulb Pro Firmware ZJ_CG32-2201, version 8.57.83 and earlier. CISA lists the issue as CVSS 3.1 7.6 (High).
Defensive priority
High — prioritize compensating controls now for any deployed or newly commissioned devices, especially before first-time setup on untrusted or monitored networks.
Recommended defensive actions
- Restrict initial setup to a physically controlled environment to reduce the chance of traffic capture during access-point negotiation.
- Treat setup communications as sensitive and avoid performing onboarding on networks that may be monitored by unauthorized parties.
- Monitor for suspicious wireless activity or setup-related network traffic around affected devices.
- Review deployments for firmware version 8.57.83 or earlier and plan remediation with TrendMakers if an updated fix becomes available.
- Follow CISA's industrial control systems recommended-practices guidance for defensive hardening and monitoring.
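As an added example (not code from PatchSiren, CISA or TrendMakers) of the monitoring item above, and of what "AES keys passed in cleartext" looks like when you audit your own onboarding capture before trusting a device: the script scans the cleartext payloads of a captured setup exchange for tokens that decode to an AES key length, drops low-entropy tokens, and rates a hit higher when the adjacent field name suggests key material. The Sight Bulb Pro's real setup protocol is not described on the page, so the JSON-style message format, field names such as aes_key, and the whole sample exchange are constructed assumptions; it generalises to any onboarding protocol whose payloads you can dump as text.

```python
"""Heuristic audit of captured onboarding traffic for cleartext AES key material.

Added example, not code from the PatchSiren debrief, CISA or TrendMakers. The
Sight Bulb Pro's actual setup protocol is not documented on the page, so the
message format (JSON-style key/value text) and SAMPLE_EXCHANGE are constructed.
"""
import base64
import binascii
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

AES_KEY_SIZES = (16, 24, 32)   # bytes: AES-128 / AES-192 / AES-256
ENTROPY_FLOOR = 3.5            # bits per byte; random key bytes sit well above this
# Hex tokens of exactly 32/48/64 chars (longest alternative first so a 64-char
# token is not split); a 40-char SHA-1 hex does not match any alternative.
HEX_TOKEN = re.compile(r"\b(?:[0-9A-Fa-f]{64}|[0-9A-Fa-f]{48}|[0-9A-Fa-f]{32})\b")
# Base64 runs long enough to encode 16..32 bytes, not glued to other base64 chars.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{22,44}={0,2}(?![A-Za-z0-9+/=])")
KEY_NAME_HINT = re.compile(r"(key|secret|psk|passphrase)", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 16 distinct bytes give 4.0, 32 distinct bytes give 5.0."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _decode_candidates(payload: str) -> List[Tuple[int, str, bytes]]:
    """Return (offset, encoding, raw_bytes) for tokens that decode to an AES key length."""
    out: List[Tuple[int, str, bytes]] = []
    for m in HEX_TOKEN.finditer(payload):
        out.append((m.start(), "hex", bytes.fromhex(m.group(0))))
    for m in B64_TOKEN.finditer(payload):
        tok = m.group(0)
        if re.fullmatch(r"[0-9A-Fa-f]+", tok):
            continue                       # pure hex: already handled (or wrong length)
        try:
            raw = base64.b64decode(tok, validate=True)
        except binascii.Error:
            continue                       # bad padding or alphabet: not base64
        if len(raw) in AES_KEY_SIZES:
            out.append((m.start(), "base64", raw))
    return out


def scan_message(direction: str, payload: str) -> List[Dict[str, object]]:
    """Report key-length, high-entropy tokens in one cleartext payload."""
    findings: List[Dict[str, object]] = []
    for offset, enc, raw in _decode_candidates(payload):
        ent = shannon_entropy(raw)
        if ent < ENTROPY_FLOOR:
            continue                       # repetitive token (e.g. all zeros): not key-like
        context = payload[max(0, offset - 24):offset]   # field name preceding the token
        findings.append({
            "direction": direction,
            "encoding": enc,
            "key_bytes": len(raw),
            "entropy": round(ent, 2),
            "confidence": "high" if KEY_NAME_HINT.search(context) else "review",
        })
    return findings


def scan_exchange(exchange: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Scan a captured setup exchange given as (direction, cleartext payload) pairs."""
    results: List[Dict[str, object]] = []
    for idx, (direction, payload) in enumerate(exchange):
        for finding in scan_message(direction, payload):
            finding["msg_index"] = idx
            results.append(finding)
    return results


# Constructed sample exchange; not real Sight Bulb Pro traffic.
SAMPLE_EXCHANGE = [
    ("app->bulb", '{"cmd":"hello","app":"sightbulb-manager/1.0"}'),
    ("bulb->app", '{"cmd":"hello_ack","model":"ZJ_CG32-2201","fw":"8.57.83"}'),
    # The defect the advisory describes: the session key travels in the clear.
    ("bulb->app", '{"cmd":"session","aes_key":"8f3a1c77e2b94d0655aa19c3f0e7b2d4"}'),
    # Later payloads are encrypted; this 32-byte ciphertext is a constructed random blob.
    ("app->bulb", '{"cmd":"wifi","ct":"p3kQ9Zm1Vb4Xr7Yw2Lc0Hd8Nf6Ju5Ts1Qe3Oa9Ig4Mk="}'),
    # MAC-style and SHA-1 fields must not be flagged.
    ("bulb->app", '{"cmd":"ok","mac":"a4:c1:38:00:11:22","sha1":"2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"}'),
]

if __name__ == "__main__":
    for f in scan_exchange(SAMPLE_EXCHANGE):
        print(f)
```

The constructed key message is reported as "high" (a 16-byte, 4.0-bit-per-byte token next to a field named aes_key), while the constructed ciphertext is reported as "review": a ciphertext block and a raw key of the same length are indistinguishable by entropy alone, so the field-name hint, or knowledge of which message carries the key, is what separates them. Any "high" hit in an onboarding capture is the condition the advisory describes and is reason to keep that device off untrusted networks until the vendor ships a fix.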
Evidence notes
Source evidence comes from CISA advisory ICSA-25-177-02 and the linked CSAF record, both published 2025-06-26. The advisory states that during initial setup the Sight Bulb Pro broadcasts an access point and passes AES encryption keys in cleartext, and that captured keys may permit decryption of app-device communications including network credentials. The CSAF identifies the affected product as TrendMakers Sight Bulb Pro Firmware ZJ_CG32-2201: <=8.57.83. CISA also states that TrendMakers did not respond to coordination requests and recommends physical security measures plus network monitoring/signature-based detection.
Official resources
- CVE-2025-6521 CVE record (CVE.org)
- CVE-2025-6521 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA publicly disclosed CVE-2025-6521 on 2025-06-26 in advisory ICSA-25-177-02 and noted that TrendMakers did not respond to its coordination request.