CVE-2025-25736
MEDIUM
Kapsch RIS-9260 RSU LEO - Unauthenticated Root Shell Access via ADB
Title source: llm
Description
Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) and enabled by default, allowing unauthenticated root shell access to the cellular modem via the default 'kapsch' user.
References (5)
Core References
Technical Description
https://cwe.mitre.org/data/definitions/306.html
Exploit, Third Party Advisory
https://phrack.org/issues/72/16_md
Product
https://www.kapsch.net/en
Scores
CVSS v3
6.8
EPSS
0.0031
EPSS Percentile
22.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (6)
kapsch/ris-9160_firmware
3.2.0.829.23
kapsch/ris-9160_firmware
3.8.0.1119.42
kapsch/ris-9160_firmware
4.6.0.1211.28
kapsch/ris-9260_firmware
3.2.0.829.23
kapsch/ris-9260_firmware
3.8.0.1119.42
kapsch/ris-9260_firmware
4.6.0.1211.28
Published
Aug 26, 2025
Tracked Since
Feb 18, 2026