CVE-2025-25732
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-10-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kapsch | ris-9160_firmware | 3.2.0.829.23 |
| kapsch | ris-9160_firmware | 3.8.0.1119.42 |
| kapsch | ris-9160_firmware | 4.6.0.1211.28 |
| kapsch | ris-9160 | * |
| kapsch | ris-9260_firmware | 3.2.0.829.23 |
| kapsch | ris-9260_firmware | 3.8.0.1119.42 |
| kapsch | ris-9260_firmware | 4.6.0.1211.28 |
| kapsch | ris-9260 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-922 | The product stores sensitive information without properly limiting read or write access by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an incorrect access control issue in the EEPROM component of Kapsch TrafficCom RIS-9160 and RIS-9260 Roadside Units. It allows attackers to replace password hashes stored in the EEPROM with their own hashes, which leads to escalation of privileges to root. Essentially, unauthorized actors can modify sensitive stored data due to insufficient write protections, enabling them to gain full control over the device. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability allows attackers to gain root access to the affected RSUs without physical modifications. This can lead to persistent unauthorized control over the device firmware and system software. Since these RSUs are critical infrastructure for vehicle-to-everything (V2X) communications, attackers could manipulate autonomous vehicle behavior, traffic signals, and pedestrian safety systems, potentially causing public safety hazards such as false hazard warnings or emergency vehicle rerouting. [2, 1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detecting this vulnerability means identifying the improper access control on the EEPROM component that allows unauthorized modification of password hashes. No specific commands are provided in the referenced resources. Detection methods for CWE-922, the related weakness, include automated static analysis (SAST) of firmware or software code for insecure data flows to storage. Physical inspection of the device firmware and of EEPROM write permissions could also help detect the vulnerability. Because the issue is tied to the physical hardware, commands that check EEPROM write permissions or firmware integrity might be used, but the provided resources do not detail exact commands. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enhancing physical security of the RSUs to prevent unauthorized physical access, as the devices are physically exposed and secured only by a few screws. Changing or setting strong BIOS supervisor and user passwords can prevent unauthorized firmware access. Additionally, restricting write access to the EEPROM and implementing proper access controls on firmware components are critical. Monitoring and updating firmware to versions that address these vulnerabilities when available is also recommended. [2]