← Voltar para CVEs
CVE-2025-25733
LOW3.5
Descricao
Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.
Detalhes CVE
Pontuacao CVSS v3.13.5
SeveridadeLOW
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/26/2025
Ultima modificacao10/22/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
kapsch:ris-9160kapsch:ris-9160_firmwarekapsch:ris-9260kapsch:ris-9260_firmware
Fraquezas (CWE)
CWE-1233
Referencias
https://cwe.mitre.org/data/definitions/1233.html(cve@mitre.org)
https://phrack.org/issues/72/16_md(cve@mitre.org)
https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf(cve@mitre.org)
https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf(cve@mitre.org)
https://www.kapsch.net/en(cve@mitre.org)
https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en(cve@mitre.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.