Security Advisory - Base station communication security issues of DEEBOT series products


Initial Release Date: May 8, 2025
Update Date: July 1, 2025

Vulnerability Overview
The base station of Ecovacs DEEBOT series products exposes an insecure Wi-Fi network. Under specific technical conditions, an attacker who successfully exploits this vulnerability can forge communication between the gem and the base station in order to further attack the base station.

Vulnerability Source
CVE-2025-30198
CVE-2025-30199
CVE-2025-30200
The vulnerability information was provided by Dennis Giese, Braelynn Luedtke, and Chris Anderson. We sincerely appreciate their contribution to the security of ECOVACS products.

Versions and Fixes
Affected Products    Patched Versions
X1S PRO              2.5.38
X1 PRO OMNI          2.5.38
X1 OMNI              2.4.45
X1 TURBO             2.4.45
T10 Series           1.11.0
T20 Series           1.25.0
T30 Series           1.100.0

Version Access
Devices that support automatic updates will receive system update notifications. We have proactively pushed the update to all active users. Users can complete the fix by performing the system update.

Security Incident Response
ECOVACS is committed to ensuring the best interests of our product users. We adhere to responsible disclosure principles and address security issues through our product security management process.
To report security issues related to ECOVACS products and solutions, please contact us at: product-security@ecovacs.com
ECOVACS will continue to monitor developments related to this vulnerability. Investigations are still in progress. If there are any changes, this advisory will be updated promptly.