CVE-2025-25732

Medium CVSS: 6.8

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

Vendor

Kapsch

Product

Ris-9160 Firmware

CWE

CWE-922

Yayın Tarihi

2025-08-26 15:15:42

Güncelleme

2025-10-22 15:15:31

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-922 Ris-9160 Firmware MEDIUM Kapsch 2025

Referanslar

https://cwe.mitre.org/data/definitions/922.html https://phrack.org/issues/72/16_md https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf https://www.kapsch.net/en https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Benzer Kayıtlar

Medium

CVE-2025-25737

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were disco…

Low

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829…

Medium

CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discov…

Medium

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were disco…

Medium

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android…