Cyber Resilience

CVE-2025-69822

HighPublic PoC

Published: 22 January 2026

Published
22 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0001 3.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-69822 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Atomberg Erica Smart Fan Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2025-69822 is a vulnerability in the Atomberg Erica Smart Fan Firmware version V1.0.36. The issue enables an attacker to obtain sensitive information and escalate privileges through a crafted deauth frame. It is associated with CWEs including CWE-200 (Exposure of Sensitive Information), CWE-284 (Improper Access Control), CWE-287 (Improper Authentication), and CWE-294 (Injection). The vulnerability has a CVSS v3.1 base score of 7.4, rated as High severity, with vector AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, indicating adjacent network access, low attack complexity, no privileges or user interaction required, changed scope, no confidentiality or integrity impact, but high availability impact.

An attacker within adjacent network range, such as Wi-Fi proximity, can exploit this by sending a crafted deauthentication frame to the affected smart fan firmware. No prior privileges or user interaction are needed, allowing unauthenticated exploitation. Successful attacks result in sensitive information disclosure and privilege escalation, alongside potential high-impact denial of service due to the availability rating.

References include a GitHub repository and security assessment report from CipherX1802 detailing the Atomberg Erica Smart Fan vulnerability, available at https://github.com/CipherX1802/CVE-2025-69822-Atomberg_Erica_SmatFan_Security_Assessment.git and https://github.com/CipherX1802/CVE-2025-69822-Atomberg_Erica_SmatFan_Security_Assessment/blob/main/Atomberg_Erica_SmatFan_Security_Assessment_Report.pdf. No official vendor advisories or patches are specified in available details.

EU & UK References

Vulnerability details

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Vulnerability in device firmware directly enables unauthenticated remote exploitation over adjacent network (Wi-Fi deauth frames) leading to information disclosure and privilege escalation on the target.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-29315Shared CWE-284
CVE-2025-55261Shared CWE-284
CVE-2025-56752Shared CWE-287
CVE-2026-21636Shared CWE-284
CVE-2025-57130Shared CWE-284
CVE-2024-53348Shared CWE-284
CVE-2025-55895Shared CWE-284
CVE-2025-20229Shared CWE-284
CVE-2026-24300Shared CWE-284
CVE-2024-57490Shared CWE-287

Affected Assets

atomberg
erica smart fan firmware
1.0.36

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires protection mechanisms for wireless access, directly blocking exploitation of crafted deauth frames on the smart fan's Wi-Fi interface.

prevent

Mandates device identification and authentication before allowing management frames, preventing unauthenticated deauth-based privilege escalation and info disclosure.

prevent

Enforces cryptographic or integrity protections on wireless links to stop spoofed deauthentication frames from affecting firmware behavior.

References