The vulnerability identified as CVE-2025-67135 affects the PF-50 1.2 keyfob component of the PGST PG107 Alarm System version 1.25.05.hf. The core issue is a weak security design that permits a code replay attack, where an attacker can intercept the wireless communication between the keyfob and the alarm system and later retransmit the captured code to gain unauthorized access. This type of attack exploits the absence of robust cryptographic measures such as rolling codes or mutual authentication, which are standard in modern access control systems to prevent replay attacks. The vulnerability does not require user interaction or authentication, making it easier for attackers to exploit if they are within wireless range. Although no public exploits have been reported yet, the potential for physical security breaches is significant, as unauthorized individuals could unlock doors or disable alarms. The lack of a CVSS score indicates this is a newly published vulnerability with limited public data, but the technical details suggest a critical flaw in the access control mechanism. The vulnerability affects physical security systems widely used in commercial and residential environments, emphasizing the need for urgent mitigation. The absence of patch links suggests that a fix may not yet be available, increasing the urgency for interim protective measures.

For European organizations, the impact of this vulnerability could be severe, especially for entities relying on the PGST PG107 Alarm System for physical security, such as corporate offices, government buildings, and critical infrastructure facilities. Unauthorized access could lead to theft, sabotage, or espionage, compromising both physical assets and sensitive information. The vulnerability undermines the integrity and availability of access control systems, potentially allowing attackers to disable alarms or gain entry without detection. This could result in operational disruptions, financial losses, and reputational damage. Additionally, organizations in sectors with strict regulatory compliance requirements for physical security may face legal and compliance risks if exploited. The threat is particularly relevant for environments where the PGST PG107 system is deployed extensively, and where alternative security layers are minimal or absent. Given the wireless nature of the attack, attackers only need proximity to the target, increasing the risk in densely populated or high-traffic areas.

To mitigate this vulnerability, organizations should first identify all deployed PGST PG107 Alarm Systems and specifically the PF-50 1.2 keyfobs. Since no patches are currently available, immediate steps include disabling wireless keyfob access where feasible and switching to alternative authentication methods such as wired keypads or biometric systems. Implementing physical security controls like surveillance cameras and security personnel can help detect unauthorized access attempts. Organizations should engage with the vendor to obtain firmware updates or replacement devices that incorporate rolling code technology or challenge-response authentication to prevent replay attacks. Network segmentation and monitoring of alarm system communications can help detect anomalous activity indicative of replay attacks. Additionally, educating security staff about this vulnerability and encouraging vigilance for suspicious behavior near access points is critical. Long-term mitigation involves upgrading to alarm systems with proven cryptographic protections and regularly reviewing physical security policies to address emerging threats.