Firmware Update Vulnerability in EG4 Electronics Products
CVE-2025-53520

8.6 HIGH

Key Information:

Vendor
CVE Published: 8 August 2025

What is CVE-2025-53520?

EG4 Electronics products exhibit a vulnerability that allows for firmware updates to be processed from various sources without comprehensive integrity checks. This issue stems from the use of the TTComp archive format for firmware distribution, which is unencrypted and susceptible to unauthorized modifications. Attackers could exploit this weakness by downloading tampered firmware from external sources like the EG4 website, USB dongles, or via the remote Monitoring Center. Consequently, this poses a significant risk to device security, enabling undetected alterations that could compromise the integrity of critical systems.

Affected Version(s)

EG4 12000XP all versions

EG4 12kPV all versions

EG4 18kPV all versions

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthony Rose of BC Security reported these vulnerabilities to CISA.