PT-2025-34780 · Kapsch Trafficcom · Ris-9160 +1

Jon Gaines

Published

2025-08-26

Updated

2025-08-26

CVE-2025-25732

Report an issue

CVSS v3.1

6.5

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28

Description:

An incorrect access control issue exists in the EEPROM component, allowing attackers to replace password hashes stored in the EEPROM with their own hashes. This leads to escalation of privileges to root.

Recommendations:

Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.2.0.829.23.

Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.8.0.1119.42.

Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 4.6.0.1211.28.

Fix

LPE

Improper Access Control

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-25732

Affected Products

Ris-9160

Ris-9260

PT-2025-34780 · Kapsch Trafficcom · Ris-9160 +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 9