CVE-2025-8645: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Kenwood DMX958XR

Medium
Tags: Vulnerability, CVE-2025-8645, CWE-78
Published: Wed Aug 06 2025 (08/06/2025, 01:18:04 UTC)
Source: CVE Database V5
Vendor/Project: Kenwood
Product: DMX958XR

Description

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26268.

AI-Powered Analysis

Last updated: 08/06/2025, 02:22:04 UTC

Technical Analysis

CVE-2025-8645 is an OS command injection vulnerability in the Kenwood DMX958XR, located in its firmware update process. The flaw, classified under CWE-78, arises because a user-supplied string is passed to a system call without proper neutralization of shell special elements. An attacker with physical access to the device can therefore execute arbitrary code with root privileges, with no authentication or user interaction required. The affected firmware version is 1.0.0005.4600 (SOC Image). The vulnerability carries a CVSS v3.0 score of 6.8 (medium severity): the attack vector is physical (AV:P), so the attacker must be present at the device, but attack complexity is low (AC:L) and no privileges or user interaction are needed. Successful exploitation can lead to full compromise of the device, with confidentiality, integrity, and availability impacts. No exploits are currently reported in the wild, and no patch has been published at the time of writing. The vulnerability was reported and published through the Zero Day Initiative (ZDI) under the identifier ZDI-CAN-26268.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on the deployment of Kenwood DMX958XR devices within their environments. Given that the device is a multimedia receiver commonly used in automotive or specialized equipment, organizations using these devices in fleet vehicles, transportation, or industrial settings could face significant risks. An attacker with physical access could gain root-level control, potentially leading to unauthorized data access, device manipulation, or disruption of services. This could compromise operational integrity, safety, and data confidentiality. The physical access requirement limits remote exploitation but does not eliminate insider threats or attacks in environments where devices are accessible. Additionally, compromised devices could serve as footholds for lateral movement within an organization's network if connected. The lack of authentication and ease of exploitation increase the risk in environments where physical security is not tightly controlled.

Mitigation Recommendations

To mitigate this vulnerability, organizations should implement strict physical security controls to prevent unauthorized access to devices. Until a firmware patch is released, consider isolating affected devices from critical networks to limit potential lateral movement. Regularly audit and monitor device access logs and physical locations. If possible, disable or restrict firmware update functionality or require updates to be performed only by trusted personnel using secure methods. Engage with Kenwood or authorized vendors to obtain firmware updates or patches as soon as they become available. Additionally, implement network segmentation to minimize the impact of a compromised device and employ endpoint detection and response (EDR) solutions to detect anomalous behavior originating from these devices. Document and train staff on the risks associated with physical access to such devices to reduce insider threat risks.

Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-08-06T01:04:26.136Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 6892b7cbad5a09ad00ed7e57

Added to database: 8/6/2025, 2:02:51 AM

Last enriched: 8/6/2025, 2:22:04 AM

Last updated: 8/25/2025, 7:02:18 PM
