← Volver a CVEs

CVE-2025-25733

LOW

3.5

Descripcion

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.

Detalles CVE

Puntuacion CVSS v3.13.5

SeveridadLOW

Vector CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vector de ataquePHYSICAL

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado8/26/2025

Ultima modificacion10/22/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

kapsch:ris-9160kapsch:ris-9160_firmwarekapsch:ris-9260kapsch:ris-9260_firmware

Debilidades (CWE)

CWE-1233

Referencias

https://cwe.mitre.org/data/definitions/1233.html(cve@mitre.org)

https://phrack.org/issues/72/16_md(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf(cve@mitre.org)

https://www.kapsch.net/en(cve@mitre.org)

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.