CVE-2025-6521 – Sight Bulb Pro Cleartext AES Encryption Key Exfiltration

CVE ID : CVE-2025-6521

Published : June 27, 2025, 5:15 p.m. | 2 hours, 43 minutes ago

Description : During the initial setup of the device the user connects to an access
point broadcast by the Sight Bulb Pro. During the negotiation, AES
Encryption keys are passed in cleartext. If captured, an attacker may be
able to decrypt communications between the management app and the Sight
Bulb Pro which may include sensitive information such as network
credentials.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…