4.6

CVE-2025-25735

Exploit
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with software running on the system to modify SPI flash in real-time.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KapschRis-9160 Firmware Version3.2.0.829.23
   KapschRis-9160 Version-
KapschRis-9160 Firmware Version3.8.0.1119.42
   KapschRis-9160 Version-
KapschRis-9160 Firmware Version4.6.0.1211.28
   KapschRis-9160 Version-
KapschRis-9260 Firmware Version3.2.0.829.23
   KapschRis-9260 Version-
KapschRis-9260 Firmware Version3.8.0.1119.42
   KapschRis-9260 Version-
KapschRis-9260 Firmware Version4.6.0.1211.28
   KapschRis-9260 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.123
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection

The product uses a register lock bit protection mechanism, but it does not ensure that the lock bit prevents modification of system registers or controls that perform changes to important hardware system configuration.

https://phrack.org/issues/72/16_md
Third Party Advisory
Exploit