
A newly disclosed vulnerability in the now-discontinued Amazon Cloud Cam has raised serious concerns about the risks of continuing to use unsupported smart home devices. Tracked as CVE-2025-6031 and rated CVSS 7.5 (High), the flaw allows attackers to intercept and modify network traffic by exploiting insecure device pairing mechanisms.
“When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated… The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning,” Amazon’s advisory explains.
The Amazon Cloud Cam, once marketed as a reliable smart home security camera, was officially deprecated on December 2, 2022. As an end-of-life (EOL) product, it no longer receives updates or security support from Amazon.
“This product was end of life as of December 2, 2022 and should not be used,” Amazon warns.
Despite its discontinued status, some users may still have Cloud Cams running—often unaware of the risks posed by abandoned backend infrastructure and outdated firmware.
When powered on, the Cloud Cam attempts to connect to Amazon’s now-defunct service infrastructure. Because SSL pinning is not enforced and there is no secure fallback, attackers on the same network can:
- Bypass SSL pinning
- Associate the device with an unauthorized network
- Intercept unencrypted or weakly encrypted communications
This essentially turns the device into a network surveillance point, which is particularly alarming given its original purpose as a security camera.
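
The failure mode the advisory describes, a pin check that stops applying while the device sits in a pairing state, can be modelled next to its fail-closed counterpart. This is an added example, not Amazon's firmware or code from the advisory; the state names, the certificate byte strings and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for DER-encoded certificates.
TRUSTED_CERT = b"constructed-der-bytes-of-the-vendor-service-certificate"
OTHER_CERT = b"constructed-der-bytes-of-a-certificate-from-another-party"


def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 over the certificate bytes, the value a pin is compared to."""
    return hashlib.sha256(cert_der).digest()


# Pins shipped with the (hypothetical) client.
PINNED = frozenset({fingerprint(TRUSTED_CERT)})


def pin_matches(cert_der: bytes, pins=PINNED) -> bool:
    """Constant-time comparison against every pin; an empty pin set never matches."""
    presented = fingerprint(cert_der)
    return any(hmac.compare_digest(presented, pin) for pin in pins)


def accept_fail_open(cert_der: bytes, state: str) -> bool:
    """Weak pattern: the pin check is skipped while the device is pairing."""
    if state == "pairing":  # assumed state name
        return True
    return pin_matches(cert_der)


def accept_fail_closed(cert_der: bytes, state: str) -> bool:
    """Hardened pattern: the pin is enforced regardless of device state."""
    return pin_matches(cert_der)


def audit(policy) -> list:
    """List the device states in which a policy accepts an unpinned peer."""
    return [s for s in ("pairing", "paired") if policy(OTHER_CERT, s)]


if __name__ == "__main__":
    print("fail-open accepts unpinned peer in:", audit(accept_fail_open))
    print("fail-closed accepts unpinned peer in:", audit(accept_fail_closed))
```

A device that reverts to the pairing state whenever its backend is unreachable spends all of its time in the branch where the weak policy accepts any peer, which is why retiring the hardware is the only remedy for an EOL product.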