CVE Details
Basic Information
| Title | CVE-2025-8641 Kenwood DMX958XR Firmware Update Command Injection Vulnerability |
|---|---|
| Type | cve |
| Published | 2025-08-06T01:17:47 |
| Last Seen | 2025-08-06T01:49:26 |
| Modified | 2025-08-06T01:17:47 |
CVSS Information
| Base Score | 6.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AI Analysis
| AI Description | This vulnerability allows physically present attackers to inject commands during firmware updates on Kenwood DMX958XR devices, enabling arbitrary code execution without authentication. It poses a significant risk due to the potential for system compromise. |
|---|---|
| AI Severity | High |
| AI Vendor | JVCKenwood Corporation |
| AI Product | Kenwood DMX958XR |
| AI Version | Not specified |
Additional Information
| CVE List | CVE-2025-8641 |
|---|---|
| CWE List | CWE-78 |
| Bulletin Family | cve |
Description
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit…