PT-2025-34780 · Kapsch Trafficcom · Ris-9260+1
Jon Gaines · Published 2025-08-26 · Updated 2025-10-22 · CVE-2025-25732
CVSS v3.1: 6.8 Medium
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28
Description:
An incorrect access control issue exists in the EEPROM component, allowing attackers to replace password hashes stored in the EEPROM with their own hashes. This leads to escalation of privileges to root.
Recommendations:
Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.2.0.829.23.
Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.8.0.1119.42.
Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 4.6.0.1211.28.
Exploit
Fix
LPE
Improper Access Control
Insecure Storage of Sensitive Information
Related Identifiers
Affected Products
Ris-9160
Ris-9260