Improper validation of integrity check value in Panasonic IR Control Hub
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-1073 |
| CWE-ID | CWE-354 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
IR Control Hub Other software / Other software solutions |
| Vendor | Panasonic |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper validation of integrity check value
EUVDB-ID: #VU109697
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-1073
CWE-ID:
CWE-354 - Improper Validation of Integrity Check Value
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper validation of integrity check value. An attacker with physical access can load unauthorized firmware.
MitigationInstall updates from vendor's website.
Vulnerable software versionsIR Control Hub: - - 1.17
CPE2.3- cpe:2.3:a:panasonic:ir_control_hub:*:*:*:*:*:*:*:*
- cpe:2.3:a:panasonic:ir_control_hub:1.17:*:*:*:*:*:*:*
https://lsin.panasonic.com/release-notes
https://jvn.jp/en/vu/JVNVU94857368/index.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
