PT-2025-32058 · Kenwood · Kenwood DMX958XR

Elias Ikkela-Koski · Published 2025-08-05 · Updated 2025-08-20 · CVE-2025-8649

CVSS v3.1: 6.8 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Kenwood DMX958XR (affected versions not specified)

Description

This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required. The flaw resides in JKWifiService, which does not sufficiently validate user-supplied strings before using them to execute system calls. An attacker can use this to execute code in the context of root.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-8649
ZDI-25-797

Affected Products

Kenwood DMX958XR