Medium severity6.8NVD Advisory· Published Aug 26, 2025· Updated Jun 17, 2026
CVE-2025-25734
CVE-2025-25734
Description
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kapsch TrafficCom/RIS-9160 & RIS-9260 Roadside Units (RSUs)description
- Range: v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28
- Range: v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28
Patches
Vulnerability mechanics
References
6- phrack.org/issues/72/16_mdnvdExploitThird Party Advisory
- cwe.mitre.org/data/definitions/1233.htmlnvdTechnical Description
- www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdfnvdBroken Link
- www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdfnvdProduct
- www.kapsch.net/ennvdProduct
- www.kapsch.net/en/press/releases/ktc-20200813-pr-ennvdProduct
News mentions
0No linked articles in our index yet.