CVE-2025-10250 LOW

CVE-2025-10250: DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key

Vendor Dji
Product Mavic Spark
Weakness CWE-321
Published September 11, 2025
Last update September 11, 2025

CVSS base score

2.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . The attacker needs to be present on the local network. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

September 11, 2025 CVE published
September 11, 2025 Record updated