6.8
CVE-2025-25732
- EPSS 0.33%
- Veröffentlicht 26.08.2025 00:00:00
- Zuletzt bearbeitet 22.10.2025 15:15:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIncorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kapsch ≫ Ris-9160 Firmware Version3.2.0.829.23
Kapsch ≫ Ris-9160 Firmware Version3.8.0.1119.42
Kapsch ≫ Ris-9160 Firmware Version4.6.0.1211.28
Kapsch ≫ Ris-9260 Firmware Version3.2.0.829.23
Kapsch ≫ Ris-9260 Firmware Version3.8.0.1119.42
Kapsch ≫ Ris-9260 Firmware Version4.6.0.1211.28
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.247 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.
https://cwe.mitre.org/data/definitions/922.html
https://www.kapsch.net/en
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en
https://phrack.org/issues/72/16_md