AWS Updates - 2025-07-17

AWS Security Bulletins

CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam

• Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
• Published: 2025-07-17

Scope: Amazon
Content Type: Informational
Publication Date: 2025/06/12 10:30 AM PDT

Description

Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.

When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.

Affected version: All