CVE-2025-65552
Published: 12 January 2026
Summary
CVE-2025-65552 is a critical-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in D3Dsecurity Zx-G12 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and SC-40 (Wireless Link Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-40 mandates cryptographic protections for wireless links, directly addressing the lack of rolling codes, message authentication, and anti-replay on the 433 MHz RF channel to prevent replay attacks.
AC-18 enforces authorization, encryption, and protection for wireless access, mitigating unauthorized recording and replay of RF alarm/control frames.
SC-8 requires integrity protection for transmissions, countering replay attacks by ensuring frames cannot be validly reused without detection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables unauthenticated remote RF replay attacks on the exposed 433 MHz sensor channel, directly facilitating exploitation of a public-facing interface (T1190) and remote service (T1210) to manipulate the system.
NVD Description
D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record…
more
valid alarm/control frames and replay them to trigger false alarms.
Deeper analysisAI
CVE-2025-65552 affects the D3D Wi-Fi Home Security System ZX-G12 running firmware version v2.1.1. The vulnerability involves RF replay attacks on the 433 MHz sensor communication channel, as the system lacks rolling codes, message authentication, or anti-replay protection. This allows an attacker to record valid alarm or control frames and replay them, leading to false alarms. The issue is classified under CWE-294 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), published on 2026-01-12.
An attacker within RF range of the targeted system can exploit this vulnerability without authentication or user interaction. By capturing legitimate frames transmitted over the 433 MHz channel using readily available software-defined radio tools, the attacker can replay them to manipulate the security system, such as triggering unauthorized alarms or control actions.
Further details, including potential proof-of-concept code, are available in the listed references: the vendor site at http://d3d.com and product page at https://d3dsecurity.com/products/wifi-home-security-system-model-g12, as well as the GitHub repository at https://github.com/EmbdCDACHyd/CVE/tree/main/CVE-2025-65552. No specific mitigation or patch information is detailed in the provided CVE data.
Details
- CWE(s)