6.8
CVE-2025-25734
- EPSS 0.1%
- Published 26.08.2025 00:00:00
- Last modified 22.10.2025 15:15:32
- Source cve@mitre.org
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.
Data provided by the National Vulnerability Database (NVD)
Kapsch ≫ Ris-9160 Firmware Version 3.2.0.829.23
Kapsch ≫ Ris-9160 Firmware Version 3.8.0.1119.42
Kapsch ≫ Ris-9160 Firmware Version 4.6.0.1211.28
Kapsch ≫ Ris-9260 Firmware Version 3.2.0.829.23
Kapsch ≫ Ris-9260 Firmware Version 3.8.0.1119.42
Kapsch ≫ Ris-9260 Firmware Version 4.6.0.1211.28
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.273 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.