Overview
A critical security vulnerability, identified as CVE-2025-64772, has been discovered in the installer of Sony’s INZONE Hub software, specifically versions 1.0.10.3 to 1.0.17.0. This vulnerability stems from an insecure DLL search path, which could allow a malicious actor to execute arbitrary code on a user’s system with the same privileges as the user running the installer.
Technical Details
The vulnerability is rooted in the way the INZONE Hub installer searches for and loads Dynamic Link Libraries (DLLs). Due to an improperly configured search path, the installer may inadvertently load a malicious DLL from a location controlled by an attacker instead of the intended, legitimate DLL. This is a classic DLL hijacking attack. An attacker could place a specially crafted DLL with the same name as a legitimate DLL in a directory that is searched earlier than the intended location. When the installer attempts to load the legitimate DLL, it will instead load the malicious one, allowing the attacker to execute arbitrary code.
CVSS Analysis
At the time of this writing, the severity and CVSS score for CVE-2025-64772 are not yet available (N/A). However, given the potential for arbitrary code execution, it is highly likely that this vulnerability will be assigned a high severity score once evaluated.
Possible Impact
The potential impact of CVE-2025-64772 is significant. An attacker who successfully exploits this vulnerability could:
- Gain complete control over the user’s system.
- Install malware, including ransomware, keyloggers, and spyware.
- Steal sensitive data, such as usernames, passwords, and financial information.
- Modify system settings and configurations.
- Use the compromised system as a launchpad for further attacks.
Mitigation or Patch Steps
To mitigate the risk of CVE-2025-64772, users of INZONE Hub versions 1.0.10.3 to 1.0.17.0 are strongly advised to take the following steps:
- Check for Updates: Visit the official Sony INZONE Hub support page (linked below in the References section) and download the latest version of the software. Sony will likely release a patched version that addresses this vulnerability.
- Exercise Caution: Be cautious when downloading software from untrusted sources. Always download software from the official vendor’s website.
- Run Antivirus Software: Ensure that your antivirus software is up-to-date and actively scanning your system for malicious files.
- Implement Principle of Least Privilege: Limit the privileges of user accounts to only what is necessary to perform their tasks. This can help to prevent an attacker from gaining full control over the system even if they are able to execute arbitrary code.
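A pre-run check that follows from the search-path behaviour described under Technical Details, added here as an example and not taken from Sony or JVN: it lists DLLs sitting beside a downloaded installer and separates those whose names shadow a system DLL. It relies on the standard Windows search order, in which the application's own directory is searched before the system directories. All file names and the stand-in System32 folder are constructed, because the advisory does not name the affected DLL.

```python
"""Pre-run audit for planted DLLs beside a downloaded installer (added example)."""
import tempfile
from pathlib import Path


def audit_installer_dir(installer: Path, system_dir: Path) -> dict:
    """Classify every DLL located in the same directory as `installer`.

    shadowing: same name (case-insensitive) as a DLL in system_dir, so a
               loader that searches the application directory first would
               pick this copy instead of the system one.
    sidecar:   any other DLL beside the installer; a single-file installer
               normally has none, so these also deserve a look.
    """
    system_names = {p.name.lower() for p in system_dir.iterdir()
                    if p.suffix.lower() == ".dll"}
    report = {"shadowing": [], "sidecar": []}
    for entry in sorted(installer.parent.iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".dll":
            continue
        bucket = "shadowing" if entry.name.lower() in system_names else "sidecar"
        report[bucket].append(entry.name)
    return report


def build_constructed_layout(root: Path):
    """Constructed sample: a download folder and a stand-in for System32."""
    downloads, system32 = root / "Downloads", root / "System32"
    downloads.mkdir()
    system32.mkdir()
    (downloads / "ExampleSetup.exe").write_bytes(b"MZ")   # hypothetical installer
    (downloads / "EXAMPLELIB.dll").write_bytes(b"MZ")     # shadows a system name
    (downloads / "helper.dll").write_bytes(b"MZ")         # unexpected sidecar
    (downloads / "readme.txt").write_text("not a DLL")
    for name in ("examplelib.dll", "othersys.dll"):       # constructed names
        (system32 / name).write_bytes(b"MZ")
    return downloads / "ExampleSetup.exe", system32


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        installer, system32 = build_constructed_layout(Path(tmp))
        return audit_installer_dir(installer, system32)


if __name__ == "__main__":
    print(demo())
```

On a real system, pass the installer's actual path and `C:\Windows\System32`; any non-empty result is a reason to move the installer into a fresh, empty folder before running it.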
References
JVN#28247549 – Japan Vulnerability Notes (JVN)
Sony INZONE Hub Support Page
