Medium severity4.6NVD Advisory· Published Aug 26, 2025· Updated Jun 17, 2026
CVE-2025-25735
CVE-2025-25735
Description
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kapsch TrafficCom/RIS-9160 & RIS-9260 Roadside Units (RSUs)description
- Range: v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28
- Range: v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28
Patches
Vulnerability mechanics
References
6- phrack.org/issues/72/16_mdnvdExploitThird Party Advisory
- cwe.mitre.org/data/definitions/1233.htmlnvdTechnical Description
- www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdfnvdBroken Link
- www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdfnvdProduct
- www.kapsch.net/ennvdProduct
- www.kapsch.net/en/press/releases/ktc-20200813-pr-ennvdProduct
News mentions
0No linked articles in our index yet.