CVE-2025-25734

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/1233.html	Technical Description
https://phrack.org/issues/72/16_md	Exploit Third Party Advisory
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf	Broken Link
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf	Product
https://www.kapsch.net/en	Product
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en	Product

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:::::::*
	cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:::::::*
	cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:::::::*

cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:::::::*
	cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:::::::*
	cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:::::::*

cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-26 15:15

Updated : 2025-10-22 15:15

NVD link : CVE-2025-25734

Mitre link : CVE-2025-25734

CVE.ORG link : CVE-2025-25734

JSON object : View

Products Affected

kapsch

ris-9260_firmware
ris-9260
ris-9160_firmware
ris-9160

CWE

CWE-284

Improper Access Control

CWE-1233

Security-Sensitive Hardware Controls with Missing Lock Bit Protection

{"id": "CVE-2025-25734", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2025-08-26T15:15:42.453", "references": [{"url": "https://cwe.mitre.org/data/definitions/1233.html", "tags": ["Technical Description"], "source": "[email protected]"}, {"url": "https://phrack.org/issues/72/16_md", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.kapsch.net/en", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-1233"}]}], "descriptions": [{"lang": "en", "value": "Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process."}, {"lang": "es", "value": "Se descubri\u00f3 que Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, y v4.6.0.1211.28 contienen un shell EFI no autenticado que permite a los atacantes ejecutar c\u00f3digo arbitrario o escalar privilegios durante el proceso de arranque."}], "lastModified": "2025-10-22T15:15:32.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1385F53F-B8B3-460B-AF40-3E6C0373E56F"}, {"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89FBCE38-F618-4885-9A19-4387C26B0648"}, {"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5A25078-2E54-4458-B2A1-12B22BFE5BC9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "03950C43-60AC-46A7-8C69-BFFC24297EA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A962F165-2FB7-4CD7-A316-0696668B8CC2"}, {"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98025B93-400E-435F-B1C1-EBFA2777E013"}, {"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "221A418C-D55A-4A63-9711-CA8025C4C709"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6AB37525-44FC-456A-ACE1-0661BC9D0CFD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}