PT-2025-36492 · Kiosoft · Kiosoft "Stored Value" Unattended Payment Solutions
Steffen Robertz · Published 2025-09-08 · Updated 2025-09-17 · CVE-2025-8699
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
KioSoft "Stored Value" Unattended Payment Solutions (affected versions not specified)
Description:
KioSoft "Stored Value" Unattended Payment Solutions use vulnerable NFC cards. An attacker could potentially modify the balance on these cards and obtain funds without authorization. The account balance is stored on an insecure MIFARE Classic NFC card, where it can be both read and written. By analyzing card dumps, attackers can identify the cash value field and a checksum that is calculated by XOR-ing the cash value with an unknown field. Manipulating these fields allows arbitrary amounts of money to be added to the card, up to a limit of $655.35.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration:
Insecure Storage of Sensitive Information
Related Identifiers:
CVE-2025-8699
Affected Products:
Kiosoft "Stored Value" Unattended Payment Solutions
Mifare Classic