Download of code without integrity check in EG4 Electronics products - CVE-2025-53520
Published: August 8, 2025
Vulnerability identifier: #VU113775
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-53520
CWE-ID: CWE-494
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: EG4 Electronics
Affected software:
EG4 12kPV
EG4 18kPV
EG4 Flex 21
EG4 Flex 18
EG4 6000XP
EG4 12000XP
EG4 GridBoss
EG4 12kPV
EG4 18kPV
EG4 Flex 21
EG4 Flex 18
EG4 6000XP
EG4 12000XP
EG4 GridBoss
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to software does not perform software integrity check when downloading updates. A remote attacker can supply a malicious software image and gain full control over the affected system after a successful software update.
How to mitigate CVE-2025-53520
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.