CVE-2025-8651 – This vulnerability allows physically present at... (How to Fix)

Q: What is the severity of CVE-2025-8651?

CVE-2025-8651 has a CVSS score of 6.8 (MEDIUM). This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems. Attackers can exploit this without authentication by injecting malicious commands through the JKWifiService. Only users of affected Kenwood DMX958XR devices are impacted.

📋 TL;DR

This vulnerability allows physically present attackers to execute arbitrary code with root privileges on Kenwood DMX958XR car multimedia systems. Attackers can exploit this without authentication by injecting malicious commands through the JKWifiService. Only users of affected Kenwood DMX958XR devices are impacted.

💻 Affected Systems

Products:

Kenwood DMX958XR

Versions: All versions prior to patch

Operating Systems: Embedded Linux-based system

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations are vulnerable. Requires physical access to the device's interface.

📦 What is this software?

Dmx958xr Firmware by Jvckenwood

View all CVEs affecting Dmx958xr Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full root control of the device, potentially compromising vehicle systems, stealing data, or installing persistent malware.

🟠

Likely Case

Local attacker executes arbitrary commands to modify device settings, access stored data, or disrupt normal operation.

🟢

If Mitigated

Physical access controls prevent unauthorized individuals from interacting with the device interface.

🌐 Internet-Facing: LOW - Requires physical access to the device, not remotely exploitable over internet.

🏢 Internal Only: MEDIUM - Physical access to the vehicle is required, which could occur in parking lots, service centers, or shared vehicles.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

No authentication required, but physical access to the device interface is necessary for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Kenwood for specific firmware version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-799/

Restart Required: Yes

Instructions:

1. Contact Kenwood support for firmware update. 2. Download latest firmware from official Kenwood website. 3. Install update via USB following manufacturer instructions. 4. Verify installation and restart device.

🔧 Temporary Workarounds

Disable WiFi Service

Kenwood DMX958XR

Temporarily disable the JKWifiService to prevent exploitation

Specific commands unavailable - requires device-specific knowledge

Physical Security Controls

all

Implement physical access controls to prevent unauthorized interaction with device

🧯 If You Can't Patch

Restrict physical access to the vehicle and device interface
Disconnect device from vehicle network if possible, or disable affected services

🔍 How to Verify

Check if Vulnerable:

Check firmware version against Kenwood's patched version list. If running unpatched firmware, assume vulnerable.

Check Version:

Navigate to Settings > System Information on device interface to view firmware version

Verify Fix Applied:

Verify firmware version matches or exceeds Kenwood's recommended patched version.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Unauthorized service access attempts

Network Indicators:

Unusual network activity from device if connected

SIEM Query:

Not applicable - primarily physical device with limited logging capabilities

📊 Metadata

CVE ID: CVE-2025-8651

CVSS v3 Score: 6.8 (MEDIUM)

CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-78

EPSS Score: 0.11% exploit probability (29.7th percentile)

Published: August 6, 2025

Last Updated: August 7, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-25-799/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8651, you might also want to check these: