CVE-2025-25734

6.8 MEDIUM

Published: August 26, 2025 Modified: October 22, 2025

Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://cwe.mitre.org/data/definitions/1233.html

Source: cve@mitre.org

Technical Description

https://phrack.org/issues/72/16_md

Source: cve@mitre.org

Exploit Third Party Advisory

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

Source: cve@mitre.org

Broken Link

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

Source: cve@mitre.org

Product

https://www.kapsch.net/en

Source: cve@mitre.org

Product

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Source: cve@mitre.org

Product

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.8 / 10.0

EPSS (Exploit Probability)

0.1%

29th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-284 CWE-1233

Affected Vendors

kapsch

Related CVEs

CVE-2026-21652 N/A

CVE-2026-21651 N/A

CVE-2026-21650 N/A

CVE-2026-21649 N/A

CVE-2026-21648 N/A