CVE-2025-25734
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-10-22
Assigner: MITRE
Description
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kapsch | ris-9160_firmware | 3.2.0.829.23 |
| kapsch | ris-9160_firmware | 3.8.0.1119.42 |
| kapsch | ris-9160_firmware | 4.6.0.1211.28 |
| kapsch | ris-9160 | * |
| kapsch | ris-9260_firmware | 3.2.0.829.23 |
| kapsch | ris-9260_firmware | 3.8.0.1119.42 |
| kapsch | ris-9260_firmware | 4.6.0.1211.28 |
| kapsch | ris-9260 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-1233 | The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28. It involves an unauthenticated EFI shell that allows attackers to execute arbitrary code or escalate privileges during the boot process.
How can this vulnerability impact me?
The vulnerability can allow attackers to execute arbitrary code or escalate privileges during the boot process of the affected RSUs, potentially compromising the device's security and control.