CVE-2025-25734
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-10-22
Assigner: MITRE
Description
Description
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kapsch | ris-9160_firmware | 3.2.0.829.23 |
| kapsch | ris-9160_firmware | 3.8.0.1119.42 |
| kapsch | ris-9160_firmware | 4.6.0.1211.28 |
| kapsch | ris-9160 | * |
| kapsch | ris-9260_firmware | 3.2.0.829.23 |
| kapsch | ris-9260_firmware | 3.8.0.1119.42 |
| kapsch | ris-9260_firmware | 4.6.0.1211.28 |
| kapsch | ris-9260 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1233 | The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
