CVE-2025-8647

Name of the Vulnerable Software and Affected Versions Kenwood DMX958XR (affected versions not specified)

Description This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. Exploitation does not require authentication and occurs through a flaw in the firmware update process. The vulnerability stems from insufficient validation of user-supplied input before it is used in a system call, enabling attackers to execute code with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.