Insufficient Verification of Data Authenticity in Pioneer DMH-WT7600NEX Device Software Updates
CVE-2025-5832

6.8MEDIUM

Key Information:

Vendor: Pioneer
Status: Dmh-wt7600nex
Vendor: CVE Published:; 25 June 2025

What is CVE-2025-5832?

The Pioneer DMH-WT7600NEX device is exposed to a vulnerability in its software update process, where inadequate verification of data authenticity allows physically present attackers to execute arbitrary code. This critical flaw derives from the absence of proper validation for all data included in software updates, enabling unauthorized code execution within the device's operational context. Without requiring any authentication, an attacker could exploit this vulnerability, posing significant risks to security and device functionality.

Affected Version(s)

DMH-WT7600NEX 3.05

References

https://www.zerodayinitiative.com/advisories/ZDI-25-352/

x_research-advisory

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 6, 2025