CVE-2025-25732
MEDIUMDescription
Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password hashes stored in the EEPROM with hashes of their own, leading to the escalation of privileges to root.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| kapsch | ris-9160_firmware |
| kapsch | ris-9160_firmware |
| kapsch | ris-9160_firmware |
| kapsch | ris-9160 |
| kapsch | ris-9260_firmware |
| kapsch | ris-9260_firmware |
| kapsch | ris-9260_firmware |
| kapsch | ris-9260 |
References
Exploits
Other References
Frequently Asked Questions
What is CVE-2025-25732? +
How severe is CVE-2025-25732? +
What products are affected by CVE-2025-25732? +
How do I check if I'm vulnerable to CVE-2025-25732? +
Related Vulnerabilities
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the …
The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This …
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored …
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …