CVE-2025-8654 is a high-severity remote code execution vulnerability affecting the Kenwood DMX958XR device, specifically in version 1.0.0509.3100. The flaw resides in the ReadMVGImage function, which improperly neutralizes special elements used in OS commands, leading to an OS command injection (CWE-78). This vulnerability allows an attacker who is network-adjacent—meaning they can access the same local network segment as the device—to execute arbitrary system commands without any authentication or user interaction. The root cause is the lack of proper validation or sanitization of user-supplied input before it is passed to a system call. Exploitation results in code execution with root privileges, giving the attacker full control over the device. The CVSS v3.0 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction required. Although no public exploits are currently known in the wild, the vulnerability's characteristics make it a critical risk for affected environments. The Kenwood DMX958XR is a multimedia receiver device often used in automotive or embedded contexts, which may be connected to internal networks or vehicle systems, increasing the potential impact of compromise.

For European organizations, this vulnerability poses significant risks, especially for those using Kenwood DMX958XR devices in corporate fleets, transportation services, or embedded systems within critical infrastructure. Successful exploitation could lead to complete device takeover, enabling attackers to manipulate device functionality, intercept or alter data, or pivot into broader network environments. Given the root-level access gained, attackers could deploy persistent malware, disrupt services, or use the compromised device as a foothold for lateral movement. This is particularly concerning for sectors such as automotive services, logistics, public transportation, and any organization integrating these devices into operational technology (OT) or Internet of Things (IoT) ecosystems. The lack of authentication requirement lowers the barrier for exploitation, increasing the likelihood of attacks in environments where these devices are accessible on internal networks or exposed through weak network segmentation. The potential for disruption or data compromise could result in operational downtime, financial losses, reputational damage, and regulatory consequences under GDPR if personal data is involved.

To mitigate this vulnerability, organizations should prioritize the following actions: 1) Immediately identify all Kenwood DMX958XR devices running the affected firmware version 1.0.0509.3100 within their networks. 2) Apply vendor-provided patches or firmware updates as soon as they become available; if no patches are currently released, engage with Kenwood support for guidance or consider device replacement. 3) Implement strict network segmentation to isolate these devices from critical network segments and limit access only to trusted users and systems. 4) Employ network monitoring and intrusion detection systems to detect anomalous command execution or suspicious traffic patterns targeting these devices. 5) Disable or restrict access to the ReadMVGImage functionality if configurable, or limit the exposure of the device's management interfaces to internal, secured networks only. 6) Conduct regular security assessments and penetration tests focusing on embedded devices and IoT components to identify similar vulnerabilities proactively. 7) Educate relevant personnel about the risks of unmanaged devices and enforce policies to control device deployment and firmware updates.