← Retour aux CVEs

CVE-2025-25733

LOW

3.5

Description

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.

Details CVE

Score CVSS v3.13.5

SeveriteLOW

Vecteur CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vecteur d'attaquePHYSICAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/26/2025

Derniere modification10/22/2025

Sourcenvd

Observations honeypot0

Produits affectes

kapsch:ris-9160kapsch:ris-9160_firmwarekapsch:ris-9260kapsch:ris-9260_firmware

Faiblesses (CWE)

CWE-1233

References

https://cwe.mitre.org/data/definitions/1233.html(cve@mitre.org)

https://phrack.org/issues/72/16_md(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf(cve@mitre.org)

https://www.kapsch.net/en(cve@mitre.org)

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.