PT-2025-34781 · Kapsch Trafficcom · Ris-9160 +1

Published

2025-08-26

Updated

2025-08-26

CVE-2025-25733

Report an issue

CVSS v3.1

5.3

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28

Description:

An incorrect access control issue exists in the SPI Flash Chip of the affected devices. This allows physically proximate attackers to arbitrarily modify SPI flash regions, potentially degrading the security posture of the device.

Recommendations:

Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.2.0.829.23.

Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 3.8.0.1119.42.

Update RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version beyond 4.6.0.1211.28.

Fix

Improper Access Control

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-25733

Affected Products

Ris-9160

Ris-9260

PT-2025-34781 · Kapsch Trafficcom · Ris-9160 +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 9