CVE-2025-8656
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-07
Assigner: Zero Day Initiative
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jvckenwood | dmx958xr_firmware | 1.0.0509.3100 |
| jvckenwood | dmx958xr | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Kenwood DMX958XR devices and involves a failure in the protection mechanism that allows an attacker who is physically present to downgrade the device's software without needing authentication. The flaw is in the libSystemLib library, where version information is not properly validated before an update, enabling the downgrade. This can be exploited along with other vulnerabilities to execute arbitrary code with root privileges.
How can this vulnerability impact me?
The vulnerability can allow an attacker with physical access to downgrade the device's software, potentially enabling them to execute arbitrary code with root privileges. This can lead to full compromise of the affected device, including unauthorized control, data manipulation, or disruption of device functionality.