← Back to CVEs
CVE-2025-25733
LOW3.5
Description
Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.
CVE Details
CVSS v3.1 Score3.5
SeverityLOW
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published8/26/2025
Last Modified10/22/2025
Sourcenvd
Honeypot Sightings0
Affected Products
kapsch:ris-9160kapsch:ris-9160_firmwarekapsch:ris-9260kapsch:ris-9260_firmware
Weaknesses (CWE)
CWE-1233
References
https://cwe.mitre.org/data/definitions/1233.html(cve@mitre.org)
https://phrack.org/issues/72/16_md(cve@mitre.org)
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf(cve@mitre.org)
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf(cve@mitre.org)
https://www.kapsch.net/en(cve@mitre.org)
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en(cve@mitre.org)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.