CVE-2025-25735

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28

Description: Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units (RSUs) lack SPI Protected Range Registers (PRRs). This allows attackers with software running on the system to modify SPI flash in real-time.

Recommendations: Update Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) to a version with SPI Protected Range Registers (PRRs) implemented.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1233

Related Identifiers

BDU:2026-00039

CVE-2025-25735

Affected Products

Ris-9160

Ris-9260

CVE-2025-25735

Weakness Enumeration

Related Identifiers

Affected Products

References · 13