Medium severity6.8NVD Advisory· Published Aug 26, 2025· Updated Jun 17, 2026
CVE-2025-25732
CVE-2025-25732
Description
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kapsch TrafficCom/RIS-9160 & RIS-9260 Roadside Units (RSUs)description
- Range: 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28
- Range: 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28
Patches
Vulnerability mechanics
References
6- phrack.org/issues/72/16_mdnvdExploitThird Party Advisory
- cwe.mitre.org/data/definitions/922.htmlnvdTechnical Description
- www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdfnvdBroken Link
- www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdfnvdProduct
- www.kapsch.net/ennvdProduct
- www.kapsch.net/en/press/releases/ktc-20200813-pr-ennvdProduct
News mentions
0No linked articles in our index yet.