CVE-2025-64772

CVSS 8.4 HIGHEPSS 0.2%CWE-427

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

01 Dec 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Sony Corporation · INZONE Hub

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN28247549/https://www.sony.com/electronics/support/others-software/inzone-hub