MEDIUM🇵🇱 Wersja polska

CVE-2025-25732

CVSS 6.8v3.1pub. 2025-08-26upd. 2025-10-22

Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kapsch Ris 9160

    HW
    Kapsch
    wszystkie wersje
  • Kapsch Ris 9160 Firmware

    OS
    Kapsch
    3.2.0.829.233.8.0.1119.424.6.0.1211.28
  • Kapsch Ris 9260

    HW
    Kapsch
    wszystkie wersje
  • Kapsch Ris 9260 Firmware

    OS
    Kapsch
    3.2.0.829.233.8.0.1119.424.6.0.1211.28
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-25734MEDIUM6.8ten sam produkt

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 ...

CVE-2025-25735MEDIUM4.6ten sam produkt

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 ...

CVE-2025-25736MEDIUM6.8ten sam produkt

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contai...

CVE-2025-25737MEDIUM6.8ten sam produkt

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 ...

CVE-2025-25733LOW3.5ten sam produkt

Nieprawidłowa kontrola dostępu w pamięci SPI Flash urządzeń przydrożnych Kapsch TrafficCom RIS-9160 i RIS-9260...