CVE-2025-25735

4.6 MEDIUM

Published: August 26, 2025 Modified: October 22, 2025

Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://cwe.mitre.org/data/definitions/1233.html

Source: cve@mitre.org

Technical Description

https://phrack.org/issues/72/16_md

Source: cve@mitre.org

Exploit Third Party Advisory

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

Source: cve@mitre.org

Broken Link

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

Source: cve@mitre.org

Product

https://www.kapsch.net/en

Source: cve@mitre.org

Product

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Source: cve@mitre.org

Product

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

4.6 / 10.0

EPSS (Exploit Probability)

0.0%

14th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-1233

Affected Vendors

kapsch

Related CVEs

CVE-2026-21652 N/A

CVE-2026-21651 N/A

CVE-2026-21650 N/A

CVE-2026-21649 N/A

CVE-2026-21648 N/A