CVE-2025-5834
BaseFortify
Publication date: 2025-06-25
Last updated on: 2025-07-08
Assigner: Zero Day Initiative
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pioneer | dmh-wt7600nex_firmware | 3.05 |
| pioneer | dmh-wt7600nex | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1326 | A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Pioneer DMH-WT7600NEX device and is caused by the lack of a properly configured immutable hardware root of trust in the system-on-chip (SoC). It allows a local attacker to bypass the existing authentication mechanism, escalate privileges, and execute arbitrary code during the device's boot process. [1]
How can this vulnerability impact me? :
An attacker who exploits this vulnerability can gain elevated privileges on the affected device and execute arbitrary code during the boot process. This compromises the integrity of the device, potentially allowing unauthorized control or manipulation of the system. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not detailed in the provided resources. However, since the vulnerability involves bypassing authentication due to a missing immutable hardware root of trust in the SoC, general best practices would include restricting local access to the device, monitoring for unauthorized privilege escalations, and applying any available firmware or software updates from the vendor that address this issue once released. [1]