PT-2025-34782 · Kapsch Trafficcom · Ris-9260 +1

Gainsec +1 · Published 2025-08-26 · Updated 2025-10-22 · CVE-2025-25734

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28
Description: The Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) contain an unauthenticated EFI shell. This allows attackers to execute arbitrary code or escalate privileges during the boot process.
Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 4.6.0.1211.28. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.8.0.1119.42. Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version newer than 3.2.0.829.23.

Exploit · Fix · LPE · Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-14396
CVE-2025-25734

Affected Products

Ris-9160
Ris-9260