CVE-2025-25732

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/922.html	Technical Description
https://phrack.org/issues/72/16_md	Exploit Third Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf	Broken Link
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf	Product
https://www.kapsch.net/en	Product
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en	Product

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:::::::*
	cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:::::::*
	cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:::::::*

cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:::::::*
	cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:::::::*
	cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:::::::*

cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*

History

17 Sep 2025, 17:54

Type	Values Removed	Values Added
CPE		cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:::::::* cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:::::::* cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:::::::* cpe:2.3:h:kapsch:ris-9160:-:::::::* cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:::::::* cpe:2.3:h:kapsch:ris-9260:-:::::::* cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:::::::* cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:::::::*
References	~~() https://cwe.mitre.org/data/definitions/922.html -~~	() https://cwe.mitre.org/data/definitions/922.html - Technical Description
References	~~() https://phrack.org/issues/72/16_md -~~	() https://phrack.org/issues/72/16_md - Exploit, Third Party Advisory
References	~~() https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf -~~	() https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf - Broken Link
References	~~() https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf -~~	() https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf - Product
References	~~() https://www.kapsch.net/en -~~	() https://www.kapsch.net/en - Product
References	~~() https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en -~~	() https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en - Product
First Time		Kapsch ris-9160 Kapsch ris-9260 Firmware Kapsch Kapsch ris-9260 Kapsch ris-9160 Firmware

29 Aug 2025, 16:22

Type	Values Removed	Values Added
Summary		(es) Un control de acceso incorrecto en el componente EEPROM de Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, y v4.6.0.1211.28 permite a los atacantes reemplazar los hashes de contraseñas almacenados en la EEPROM con sus propios hashes, lo que lleva a la escalada de privilegios a root.

26 Aug 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5
CWE		CWE-284

26 Aug 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-26 15:15

Updated : 2025-09-17 17:54

NVD link : CVE-2025-25732

Mitre link : CVE-2025-25732

CVE.ORG link : CVE-2025-25732

JSON object : View

Products Affected

kapsch

ris-9260_firmware
ris-9260
ris-9160
ris-9160_firmware

CWE

CWE-284

Improper Access Control

6.5 /10