CVE-2025-25732
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
| Software | From | Fixed in |
|---|---|---|
| kapsch / ris-9160_firmware | 3.2.0.829.23 | 3.2.0.829.23.x |
| kapsch / ris-9160_firmware | 3.8.0.1119.42 | 3.8.0.1119.42.x |
| kapsch / ris-9160_firmware | 4.6.0.1211.28 | 4.6.0.1211.28.x |
| kapsch / ris-9260_firmware | 3.2.0.829.23 | 3.2.0.829.23.x |
| kapsch / ris-9260_firmware | 3.8.0.1119.42 | 3.8.0.1119.42.x |
| kapsch / ris-9260_firmware | 4.6.0.1211.28 | 4.6.0.1211.28.x |
- https://cwe.mitre.org/data/definitions/922.html
- https://phrack.org/issues/72/16_md
- https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf
- https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf
- https://www.kapsch.net/en
- https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime