{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-25732", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-22T14:55:34.618Z", "dateReserved": "2025-02-07T00:00:00.000Z", "datePublished": "2025-08-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-26T14:51:10.396Z"}, "descriptions": [{"lang": "en", "value": "Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/922.html"}, {"url": "https://www.kapsch.net/en"}, {"url": "https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf"}, {"url": "https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf"}, {"url": "https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en"}, {"url": "https://phrack.org/issues/72/16_md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-922", "lang": "en", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-26T16:08:07.811292Z", "id": "CVE-2025-25732", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-22T14:55:34.618Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-25732", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-26T16:08:07.811292Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T16:08:31.745Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/922.html"}, {"url": "https://www.kapsch.net/en"}, {"url": "https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf"}, {"url": "https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf"}, {"url": "https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en"}, {"url": "https://phrack.org/issues/72/16_md"}], "descriptions": [{"lang": "en", "value": "Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-26T14:51:10.396Z"}}}, "cveMetadata": {"cveId": "CVE-2025-25732", "state": "PUBLISHED", "dateUpdated": "2025-10-22T14:55:34.618Z", "dateReserved": "2025-02-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-08-26T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:3.2.0.829.23:*:*:*:*:*:*:*", "matchCriteriaId": "1385F53F-B8B3-460B-AF40-3E6C0373E56F", "vulnerable": true}, {"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:3.8.0.1119.42:*:*:*:*:*:*:*", "matchCriteriaId": "89FBCE38-F618-4885-9A19-4387C26B0648", "vulnerable": true}, {"criteria": "cpe:2.3:o:kapsch:ris-9160_firmware:4.6.0.1211.28:*:*:*:*:*:*:*", "matchCriteriaId": "C5A25078-2E54-4458-B2A1-12B22BFE5BC9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kapsch:ris-9160:-:*:*:*:*:*:*:*", "matchCriteriaId": "03950C43-60AC-46A7-8C69-BFFC24297EA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:3.2.0.829.23:*:*:*:*:*:*:*", "matchCriteriaId": "A962F165-2FB7-4CD7-A316-0696668B8CC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:3.8.0.1119.42:*:*:*:*:*:*:*", "matchCriteriaId": "98025B93-400E-435F-B1C1-EBFA2777E013", "vulnerable": true}, {"criteria": "cpe:2.3:o:kapsch:ris-9260_firmware:4.6.0.1211.28:*:*:*:*:*:*:*", "matchCriteriaId": "221A418C-D55A-4A63-9711-CA8025C4C709", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:kapsch:ris-9260:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AB37525-44FC-456A-ACE1-0661BC9D0CFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root."}, {"lang": "es", "value": "Un control de acceso incorrecto en el componente EEPROM de Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, y v4.6.0.1211.28 permite a los atacantes reemplazar los hashes de contrase\u00f1as almacenados en la EEPROM con sus propios hashes, lo que lleva a la escalada de privilegios a root."}], "id": "CVE-2025-25732", "lastModified": "2025-10-22T15:15:31.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-08-26T15:15:42.080", "references": [{"source": "cve@mitre.org", "tags": ["Technical Description"], "url": "https://cwe.mitre.org/data/definitions/922.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://phrack.org/issues/72/16_md"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.kapsch.net/_Resources/Persistent/3d251a8445e0bf50093903ad70b3dbed34dec7e7/KTC-CVS_RIS-9260_DataSheet.pdf"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.kapsch.net/_Resources/Persistent/55fb8d0fb279262809eac88d457894db1b3efcd5/Kapsch_RIS-9160_Datasheet_EN.pdf"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.kapsch.net/en"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.kapsch.net/en/press/releases/ktc-20200813-pr-en"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-922"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-08-27T11:41:41.703194+00:00", "updated": "2025-08-27T11:41:41.703272+00:00", "vendors": ["kapsch", "kapsch$PRODUCT$ris-9160", "kapsch$PRODUCT$ris-9260"]}