Insecure DLL Loading in INZONE Hub by Sony
CVE-2025-64772

8.4HIGH

Key Information:

Vendor: Sony Corporation
Status: Inzone Hub
Vendor: CVE Published:; 1 December 2025

🔔 Create Sony Corporation Vulnerability Alert

What is CVE-2025-64772?

The INZONE Hub installer versions 1.0.10.3 to 1.0.17.0 by Sony features a vulnerability in its DLL search path. This flaw can result in the insecure loading of Dynamic Link Libraries, potentially allowing for arbitrary code execution under the privileges of the user running the installer. The issue underscores the necessity for users to be cautious when executing installers that might be compromised.

Affected Version(s)

INZONE Hub 1.0.10.3 to 1.0.17.0

References

https://www.sony.com/electronics/support/others-software/...

https://jvn.jp/en/jp/JVN28247549/

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

CVSS V3.0

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 1, 2025
Vulnerability Reserved
Nov 21, 2025

JSON