CVE-2025-25735
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-10-22
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kapsch | ris-9160_firmware | 3.2.0.829.23 |
| kapsch | ris-9160_firmware | 3.8.0.1119.42 |
| kapsch | ris-9160_firmware | 4.6.0.1211.28 |
| kapsch | ris-9160 | * |
| kapsch | ris-9260_firmware | 3.2.0.829.23 |
| kapsch | ris-9260_firmware | 3.8.0.1119.42 |
| kapsch | ris-9260_firmware | 4.6.0.1211.28 |
| kapsch | ris-9260 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1233 | The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) in certain versions, where the devices lack SPI Protected Range Registers (PRRs). This allows attackers who have software running on the system to modify the SPI flash memory in real time, potentially altering the device's firmware or data.
How can this vulnerability impact me?
The vulnerability can allow attackers with software access on the affected RSUs to modify the SPI flash memory in real time. This could lead to unauthorized changes to the device's firmware or data, potentially causing device malfunction, unauthorized behavior, or compromise of the system's integrity.