CVE-2025-25733

CVSS 3.5 - LOW
Description

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the device.

Affected Products
8
Vendor Product Version
kapsch ris-9160_firmware 3.2.0.829.23
kapsch ris-9160_firmware 3.8.0.1119.42
kapsch ris-9160_firmware 4.6.0.1211.28
kapsch ris-9160 -
kapsch ris-9260_firmware 3.2.0.829.23
kapsch ris-9260_firmware 3.8.0.1119.42
kapsch ris-9260_firmware 4.6.0.1211.28
kapsch ris-9260 -
References
https://cwe.mitre.org/data/definitions/1233.html
https://phrack.org/issues/72/16_md
https://www.kapsch.net/_Resources/Persistent/3d251...
https://www.kapsch.net/_Resources/Persistent/55fb8...
https://www.kapsch.net/en
https://www.kapsch.net/en/press/releases/ktc-20200...
Weakness Types
CWE-1233
CVE Information
CVE ID:
CVE-2025-25733
Published:
2025-08-26
Modified:
2025-10-22
CVSS Score:
3.5
Severity:
LOW
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Vendors
kapsch
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL