← Retour aux CVEs

CVE-2025-25734

MEDIUM

6.8

Description

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process.

Details CVE

Score CVSS v3.16.8

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaquePHYSICAL

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/26/2025

Derniere modification10/22/2025

Sourcenvd

Observations honeypot0

Produits affectes

kapsch:ris-9160kapsch:ris-9160_firmwarekapsch:ris-9260kapsch:ris-9260_firmware

Faiblesses (CWE)

CWE-284CWE-1233

References

https://cwe.mitre.org/data/definitions/1233.html(cve@mitre.org)

https://phrack.org/issues/72/16_md(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf(cve@mitre.org)

https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf(cve@mitre.org)

https://www.kapsch.net/en(cve@mitre.org)

https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.