Software Downgrade Vulnerability in Kenwood DMX958XR Devices
CVE-2025-8656

6.8MEDIUM

Key Information:

Vendor: Kenwood
Status: Dmx958xr
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-8656?

The Kenwood DMX958XR is susceptible to a software downgrade vulnerability caused by improper validation of version information within the libSystemLib library. This flaw allows an attacker with physical access to the device to downgrade the software without the need for authentication. This unauthorized operation can potentially facilitate further exploitation of the device by executing arbitrary code with root privileges, severely compromising its security. Users are advised to implement additional physical security measures and stay updated on potential patches from the vendor to mitigate risks.

Affected Version(s)

DMX958XR 1.0.0509.3100

References

https://www.zerodayinitiative.com/advisories/ZDI-25-804/

x_research-advisory

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Aug 6, 2025