CVE-2025-53520 · HIGH 8.8 · EPSS p8.7%

Description

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.19% probability of exploitation · percentile 8.7% · 2026-06-18T12:00:27Z
Published: 2025-08-08
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-494

References

  1. https://eg4electronics.com/contact/
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07

Type: Weakness
Target: Download of Code Without Integrity Check (cwe-494)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-1058
  2. CVE-2025-48469
  3. CVE-2025-0592
  4. CVE-2025-41651
  5. CVE-2025-1070
  6. CVE-2025-41652

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.