CVE-2025-25732

6.8 MEDIUM

Published: August 26, 2025 Modified: October 22, 2025

Description

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://cwe.mitre.org/data/definitions/922.html

Source: cve@mitre.org

Technical Description

https://phrack.org/issues/72/16_md

Source: cve@mitre.org

Exploit Third Party Advisory

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

Source: cve@mitre.org

Broken Link

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

Source: cve@mitre.org

Product

https://www.kapsch.net/en

Source: cve@mitre.org

Product

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Source: cve@mitre.org

Product

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.8 / 10.0

EPSS (Exploit Probability)

0.1%

26th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-922

Affected Vendors

kapsch

Related CVEs

CVE-2026-21652 N/A

CVE-2026-21651 N/A

CVE-2026-21650 N/A

CVE-2026-21649 N/A

CVE-2026-21648 N/A