CVE-2025-25732

MEDIUM

Kapsch TrafficCom RIS-9160 & RIS-9260 <4.6.0.1211.28 - Privilege Es...

Title source: llm

Description

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

References (6)

[Technical Description] https://cwe.mitre.org/data/definitions/922.html

[Exploit, Third Party Advisory] https://phrack.org/issues/72/16_md

[Broken Link] https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

[Product] https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

[Product] https://www.kapsch.net/en

[Product] https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Scores

CVSS v3 6.8

EPSS 0.0010

EPSS Percentile 28.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-922

Status published

Products (6)

kapsch/ris-9160_firmware 3.2.0.829.23

kapsch/ris-9160_firmware 3.8.0.1119.42

kapsch/ris-9160_firmware 4.6.0.1211.28

kapsch/ris-9260_firmware 3.2.0.829.23

kapsch/ris-9260_firmware 3.8.0.1119.42

kapsch/ris-9260_firmware 4.6.0.1211.28

Published Aug 26, 2025

Tracked Since Feb 18, 2026