CVE-2025-25734

MEDIUM

Kapsch RIS-9160 & RIS-9260 Firmware - Unauthenticated Arbitrary Code Execution via EFI Shell

Title source: llm

Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

References (6)

Core 6

Core References

Technical Description

https://cwe.mitre.org/data/definitions/1233.html

Exploit, Third Party Advisory

https://phrack.org/issues/72/16_md

Broken Link

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

Product

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

Product

https://www.kapsch.net/en

Product

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Scores

CVSS v3 6.8

EPSS 0.0033

EPSS Percentile 24.3%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1233 CWE-284

Status published

Products (6)

kapsch/ris-9160_firmware 3.2.0.829.23

kapsch/ris-9160_firmware 3.8.0.1119.42

kapsch/ris-9160_firmware 4.6.0.1211.28

kapsch/ris-9260_firmware 3.2.0.829.23

kapsch/ris-9260_firmware 3.8.0.1119.42

kapsch/ris-9260_firmware 4.6.0.1211.28

Published Aug 26, 2025

Tracked Since Feb 18, 2026