CVE-2025-64772 is a vulnerability identified in the installer component of Sony Corporation's INZONE Hub software versions 1.0.10.3 through 1.0.17.0. The root cause is an uncontrolled search path element during the Dynamic Link Library (DLL) loading process. Specifically, the installer does not securely specify the DLL search path, which can lead to DLL preloading attacks. An attacker with local access can place a malicious DLL in a directory that the installer searches before the legitimate DLL location. When the installer runs, it may load the malicious DLL, resulting in arbitrary code execution with the privileges of the user executing the installer. This vulnerability requires user interaction since the installer must be run by the user, but does not require prior authentication or elevated privileges to exploit initially. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity but requiring local access and user interaction. No public exploits or active exploitation in the wild have been reported to date. The vulnerability is significant because it can lead to privilege escalation if the user running the installer has elevated rights. The issue affects a range of versions from 1.0.10.3 to 1.0.17.0, and no official patches or updates are currently linked, indicating that users should monitor vendor advisories closely. The vulnerability was reserved and published in late November and early December 2025, respectively, by the Japanese Computer Emergency Response Team (JPCERT).

For European organizations, the impact of CVE-2025-64772 can be substantial, particularly for those deploying Sony's INZONE Hub software, which is commonly used in gaming and multimedia environments. Successful exploitation can lead to arbitrary code execution, compromising system confidentiality by allowing attackers to access sensitive data, integrity by enabling unauthorized modifications, and availability by potentially disrupting system operations. Since the vulnerability requires local access and user interaction, the risk is higher in environments where users frequently install or update software without strict controls. In corporate or managed environments, this could lead to lateral movement or privilege escalation if the installer is run by privileged users. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits once the vulnerability becomes widely known. European organizations with high user interaction with such software, including gaming companies, multimedia content creators, and consumer electronics retailers, should be particularly vigilant. The vulnerability also poses a risk in hybrid work environments where endpoint security may be less controlled.

1. Restrict execution of the INZONE Hub installer to trusted administrators or users with limited privileges to reduce the risk of arbitrary code execution. 2. Implement application whitelisting and code integrity policies (e.g., Microsoft AppLocker or Windows Defender Application Control) to prevent unauthorized DLLs from loading during installation. 3. Monitor and audit DLL loading behavior during installation using tools like Sysinternals Process Monitor to detect suspicious activity. 4. Educate users about the risks of running installers from untrusted sources and enforce strict software installation policies. 5. Regularly check for and apply vendor patches or updates as soon as they become available to address the DLL search path issue. 6. Use endpoint detection and response (EDR) solutions to identify and respond to anomalous process behavior related to installer execution. 7. Isolate systems where INZONE Hub is installed from critical network segments to limit potential lateral movement in case of compromise. 8. Consider deploying software restriction policies that limit DLL search paths or enforce safe DLL loading practices if supported by the operating system.