CVE-2025-25737

6.8 MEDIUM

Published: August 26, 2025 Modified: October 22, 2025

Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User accounts, allowing attackers to bypass authentication via a bruteforce attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://cwe.mitre.org/data/definitions/521.html

Source: cve@mitre.org

Technical Description

https://phrack.org/issues/72/16_md

Source: cve@mitre.org

Exploit Third Party Advisory

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf

Source: cve@mitre.org

Broken Link

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf

Source: cve@mitre.org

Product

https://www.kapsch.net/en

Source: cve@mitre.org

Product

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en

Source: cve@mitre.org

Product

6 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.8 / 10.0

EPSS (Exploit Probability)

0.3%

55th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-521

Affected Vendors

kapsch

Related CVEs

CVE-2026-21652 N/A

CVE-2026-21651 N/A

CVE-2026-21650 N/A

CVE-2026-21649 N/A

CVE-2026-21648 N/A