Amazon Cloud Cam SSL Pinning Bypass Enables Arbitrary Network Association
CVE-2025-6031 Published on June 12, 2025

Insecure device pairing in end of life Amazon Cloud Cam
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. We recommend customers discontinue usage of any remaining Amazon Cloud Cams.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

Operation on a Resource after Expiration or Release

The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.


Products Associated with CVE-2025-6031

Want to know whenever a new CVE is published for Amazon Aws? stack.watch will email you.

Amazon Aws
 

Affected Versions

Amazon Cloud Cam:

Exploit Probability

EPSS
0.06%
Percentile
18.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.