CVE-2025-25733

CVSS v3.1

3.5

Low

Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28

Description: An incorrect access control issue exists in the SPI Flash Chip of the affected devices. This allows physically proximate attackers to arbitrarily modify SPI flash regions, potentially degrading the security posture of the device.

Recommendations: Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.2.0.829.23. Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.8.0.1119.42. Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 4.6.0.1211.28.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-1233

Related Identifiers

CVE-2025-25733

Affected Products

Ris-9160

Ris-9260

CVE-2025-25733

Weakness Enumeration

Related Identifiers

Affected Products

References · 11