CVE-2025-25732
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-10-22

Assigner: MITRE

Description
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-10-22
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-25732
EUVD
EUVD-2025-25802
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
kapsch ris-9160_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9160 *
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9260 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an incorrect access control issue in the EEPROM component of Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units. It allows attackers to replace password hashes stored in the EEPROM with their own hashes, which leads to escalation of privileges to root. Essentially, unauthorized actors can modify sensitive stored data due to insufficient write protections, enabling them to gain full control over the device. [1]

Impact Analysis

Exploitation of this vulnerability allows attackers to gain root access to the affected RSUs without physical modifications. This can lead to persistent unauthorized control over the device firmware and system software. Since these RSUs are critical infrastructure for vehicle-to-everything (V2X) communications, attackers could manipulate autonomous vehicle behavior, traffic signals, and pedestrian safety systems, potentially causing public safety hazards such as false hazard warnings or emergency vehicle rerouting. [2, 1]

Detection Guidance

Detection of this vulnerability involves identifying improper access control to the EEPROM component allowing unauthorized modification of password hashes. While no specific commands are provided, detection methods for CWE-922 (the related weakness) include automated static analysis (SAST) tools to analyze firmware or software code for insecure data flows to storage. Additionally, physical inspection of device firmware and EEPROM write permissions could help detect the vulnerability. Given the physical nature and hardware specifics, commands to check EEPROM write permissions or firmware integrity might be used, but exact commands are not detailed in the provided resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include enhancing physical security of the RSUs to prevent unauthorized physical access, as the devices are physically exposed and secured only by a few screws. Changing or setting strong BIOS supervisor and user passwords can prevent unauthorized firmware access. Additionally, restricting write access to the EEPROM and implementing proper access controls on firmware components are critical. Monitoring and updating firmware to versions that address these vulnerabilities when available is also recommended. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-25732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart