PT-2025-29125 · Unknown · End-Of-Train+1

Eric Reuter +1 · Published 2025-07-10 · Updated 2026-04-30 · CVE-2025-1727

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

End-of-Train (EoT) and Head-of-Train (HoT) devices (affected versions not specified)

Description

A critical vulnerability exists in the remote linking protocol used for End-of-Train (EoT) and Head-of-Train (HoT) devices, which rely on a BCH checksum for packet creation. This allows attackers to create malicious packets using a software-defined radio and issue brake control commands to the EoT device. Successful exploitation could disrupt operations, potentially overwhelming the brake systems, or even cause train derailments. The vulnerability has been known for approximately 20 years, with researchers identifying the weak authentication as early as 2012. A similar attack was reported in Poland in August 2023, where train movement was paralyzed using an adapted version of the exploit. The vulnerability allows for remote control of train brakes from a distance of several miles using relatively inexpensive equipment (approximately $500).

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-09281
CVE-2025-1727

Affected Products

End-Of-Train
Head-Of-Train